cobaltstrike | ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02

Analysis

max time kernel
105s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-09-2024 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
Size

6.0MB
MD5

bba20d23a0725ee97f986b0b02c65d60
SHA1

ae8da893efa409be2627a45fb26de04fd62dadc1
SHA256

ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02
SHA512

eee59808dc50439ec5f4aba66e49e95a9a317267cca642f9258d89ef9563f8fe2a72e3d0781de317935c7ddf16a350f87d602e6dc1eda8f0f7e63684514573c6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012254-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016276-7.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-19.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167ea-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c36-35.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-73.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc1-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a49-33.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-109.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fba-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-134.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1668-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x000d000000012254-3.dat	xmrig
behavioral1/files/0x0008000000016276-7.dat	xmrig
behavioral1/memory/2356-14-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2104-12-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000800000001650a-19.dat	xmrig
behavioral1/files/0x00070000000167ea-20.dat	xmrig
behavioral1/files/0x0007000000016c36-35.dat	xmrig
behavioral1/memory/2252-34-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2812-41-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x000500000001938b-66.dat	xmrig
behavioral1/memory/1668-47-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019399-89.dat	xmrig
behavioral1/files/0x0005000000019280-87.dat	xmrig
behavioral1/files/0x0005000000019263-84.dat	xmrig
behavioral1/files/0x00050000000193b7-83.dat	xmrig
behavioral1/files/0x00050000000193c1-82.dat	xmrig
behavioral1/files/0x0005000000019278-73.dat	xmrig
behavioral1/files/0x0008000000016dc1-72.dat	xmrig
behavioral1/memory/2356-65-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2104-57-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c53-46.dat	xmrig
behavioral1/memory/2712-51-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a49-33.dat	xmrig
behavioral1/memory/2076-31-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/3032-29-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/3032-94-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2556-132-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2716-141-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x000500000001941a-145.dat	xmrig
behavioral1/files/0x0005000000019537-157.dat	xmrig
behavioral1/files/0x000500000001960e-182.dat	xmrig
behavioral1/memory/2712-661-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2812-442-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2252-335-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019610-188.dat	xmrig
behavioral1/files/0x000500000001960c-173.dat	xmrig
behavioral1/files/0x000500000001960d-178.dat	xmrig
behavioral1/files/0x000500000001960a-167.dat	xmrig
behavioral1/files/0x00050000000195d9-162.dat	xmrig
behavioral1/files/0x00050000000194f3-152.dat	xmrig
behavioral1/files/0x0005000000019441-127.dat	xmrig
behavioral1/memory/2524-120-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019417-119.dat	xmrig
behavioral1/files/0x00050000000193d4-118.dat	xmrig
behavioral1/files/0x00050000000193ec-109.dat	xmrig
behavioral1/files/0x0009000000015fba-103.dat	xmrig
behavioral1/memory/2892-101-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c8-98.dat	xmrig
behavioral1/memory/1668-139-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2872-136-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194bd-135.dat	xmrig
behavioral1/files/0x0005000000019436-134.dat	xmrig
behavioral1/memory/2620-114-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2604-107-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2104-4010-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2356-4011-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2076-4012-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/3032-4013-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2812-4014-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2252-4015-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2712-4016-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2872-4017-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2892-4018-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2104	LJyJpdU.exe
2356	xKFrBaY.exe
2076	AdKkEhG.exe
3032	oDnnxHp.exe
2252	pCZSavD.exe
2812	FSjqaXF.exe
2712	FjillUL.exe
2872	hRNwokS.exe
2892	tWchBPm.exe
2604	uzfOkzh.exe
2620	BhIFgyV.exe
2716	yVdmTwK.exe
2524	lYGseZz.exe
2556	dJqRXGp.exe
3008	WowHPkU.exe
2100	bTNErCe.exe
1244	vTaNoAQ.exe
1676	DLSaOAB.exe
1524	yfLqhiW.exe
1696	ZGSksMX.exe
1628	LnsAuPN.exe
1888	sIGijlm.exe
1964	RuczjLw.exe
920	tdQhMjA.exe
2148	LNkhACS.exe
2404	rjYDHHW.exe
2216	AUsTFQm.exe
1016	OyJgYCL.exe
1408	UYgyNbV.exe
2956	UnFDguw.exe
3028	VByPTFD.exe
1600	GFdZvey.exe
996	BWdfNeq.exe
2032	ysrBUct.exe
1840	dkwVKRI.exe
272	aPWzsHw.exe
1440	pxGqYqW.exe
1216	QstQQhq.exe
1712	eUjcEIj.exe
2272	kIRJAVk.exe
1480	hffohdr.exe
1564	ifUImxW.exe
344	xoyYUbn.exe
1684	uwxLact.exe
1448	ounWqLM.exe
564	ogipsdY.exe
1588	TXbxDGQ.exe
644	PAQWHyD.exe
1860	EcRYwKK.exe
760	zKEOsaG.exe
1936	AOUpHZO.exe
896	xvYBEDY.exe
2968	CoMzCHn.exe
1836	skrqluy.exe
1644	OgwtOPw.exe
2096	XDubBhC.exe
2636	sOLyDpE.exe
2736	FimJkhK.exe
2840	RKeaGuF.exe
2932	XPUnHAN.exe
1912	wbEwigV.exe
3044	DtBIqVT.exe
2884	YTHPJcm.exe
2208	TtXLATu.exe

Loads dropped DLL 64 IoCs

pid	Process
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1668-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x000d000000012254-3.dat	upx
behavioral1/files/0x0008000000016276-7.dat	upx
behavioral1/memory/2356-14-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2104-12-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000800000001650a-19.dat	upx
behavioral1/files/0x00070000000167ea-20.dat	upx
behavioral1/files/0x0007000000016c36-35.dat	upx
behavioral1/memory/2252-34-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2812-41-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x000500000001938b-66.dat	upx
behavioral1/memory/1668-47-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0005000000019399-89.dat	upx
behavioral1/files/0x0005000000019280-87.dat	upx
behavioral1/files/0x0005000000019263-84.dat	upx
behavioral1/files/0x00050000000193b7-83.dat	upx
behavioral1/files/0x00050000000193c1-82.dat	upx
behavioral1/files/0x0005000000019278-73.dat	upx
behavioral1/files/0x0008000000016dc1-72.dat	upx
behavioral1/memory/2356-65-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2104-57-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0008000000016c53-46.dat	upx
behavioral1/memory/2712-51-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0007000000016a49-33.dat	upx
behavioral1/memory/2076-31-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/3032-29-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/3032-94-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2556-132-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2716-141-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x000500000001941a-145.dat	upx
behavioral1/files/0x0005000000019537-157.dat	upx
behavioral1/files/0x000500000001960e-182.dat	upx
behavioral1/memory/2712-661-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2812-442-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2252-335-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0005000000019610-188.dat	upx
behavioral1/files/0x000500000001960c-173.dat	upx
behavioral1/files/0x000500000001960d-178.dat	upx
behavioral1/files/0x000500000001960a-167.dat	upx
behavioral1/files/0x00050000000195d9-162.dat	upx
behavioral1/files/0x00050000000194f3-152.dat	upx
behavioral1/files/0x0005000000019441-127.dat	upx
behavioral1/memory/2524-120-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0005000000019417-119.dat	upx
behavioral1/files/0x00050000000193d4-118.dat	upx
behavioral1/files/0x00050000000193ec-109.dat	upx
behavioral1/files/0x0009000000015fba-103.dat	upx
behavioral1/memory/2892-101-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00050000000193c8-98.dat	upx
behavioral1/memory/2872-136-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x00050000000194bd-135.dat	upx
behavioral1/files/0x0005000000019436-134.dat	upx
behavioral1/memory/2620-114-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2604-107-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2104-4010-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2356-4011-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2076-4012-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/3032-4013-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2812-4014-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2252-4015-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2712-4016-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2872-4017-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2892-4018-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2620-4022-0x000000013FD00000-0x0000000140054000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sHcNBYi.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\nIHkYDi.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\cQvSvIh.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\Pacugcg.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\sIGijlm.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\OuMrLfS.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\bykxzcZ.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\mddDWAR.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\xWrkqKX.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\EGuWHwe.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\BWdfNeq.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\mYdsavS.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\vBjsSnq.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\ZvTFwqO.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\GDHqUSs.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\uKBhwia.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\mjVqnof.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\WPZyAhV.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\xjDPiVG.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\APZEvnT.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\nJlFYMi.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\XlwIpgu.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\aGTQzfO.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\phmuFCk.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\sNnPwxv.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\jgNVgXv.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\MNoGGGw.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\IfuEVIi.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\eisXEJF.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\PuMHuSR.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\sLoyqeM.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\YRcmAmt.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\UzSgyos.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\uzfOkzh.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\ckPtycY.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\qYDOmAG.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\oKyLwlU.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\CoMzCHn.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\TtXLATu.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\jSeBVkf.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\oQuCTJb.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\XMtepIw.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\SVScDSn.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\rXNoTir.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\KZsKuNm.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\HUozUtc.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\LjSYpXG.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\nmEdIOk.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\SqBojxq.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\YRgAvWY.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\SzCbRCR.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\BVwVLwV.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\bJZjCsv.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\uFcAEpW.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\KYnZRyI.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\HSdnuOV.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\IbYNtuT.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\prsyDns.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\ESGUyzH.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\HwZoInw.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\PvWcMmQ.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\agzxMZA.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\qORMIlj.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
File created	C:\Windows\System\ARlZxfw.exe	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2104	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	32
PID 1668 wrote to memory of 2104	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	32
PID 1668 wrote to memory of 2104	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	32
PID 1668 wrote to memory of 2356	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	33
PID 1668 wrote to memory of 2356	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	33
PID 1668 wrote to memory of 2356	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	33
PID 1668 wrote to memory of 2076	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	34
PID 1668 wrote to memory of 2076	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	34
PID 1668 wrote to memory of 2076	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	34
PID 1668 wrote to memory of 3032	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	35
PID 1668 wrote to memory of 3032	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	35
PID 1668 wrote to memory of 3032	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	35
PID 1668 wrote to memory of 2252	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	36
PID 1668 wrote to memory of 2252	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	36
PID 1668 wrote to memory of 2252	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	36
PID 1668 wrote to memory of 2812	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	37
PID 1668 wrote to memory of 2812	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	37
PID 1668 wrote to memory of 2812	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	37
PID 1668 wrote to memory of 2712	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	38
PID 1668 wrote to memory of 2712	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	38
PID 1668 wrote to memory of 2712	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	38
PID 1668 wrote to memory of 2872	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	39
PID 1668 wrote to memory of 2872	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	39
PID 1668 wrote to memory of 2872	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	39
PID 1668 wrote to memory of 2716	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	40
PID 1668 wrote to memory of 2716	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	40
PID 1668 wrote to memory of 2716	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	40
PID 1668 wrote to memory of 2892	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	41
PID 1668 wrote to memory of 2892	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	41
PID 1668 wrote to memory of 2892	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	41
PID 1668 wrote to memory of 2524	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	42
PID 1668 wrote to memory of 2524	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	42
PID 1668 wrote to memory of 2524	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	42
PID 1668 wrote to memory of 2604	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	43
PID 1668 wrote to memory of 2604	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	43
PID 1668 wrote to memory of 2604	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	43
PID 1668 wrote to memory of 2556	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	44
PID 1668 wrote to memory of 2556	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	44
PID 1668 wrote to memory of 2556	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	44
PID 1668 wrote to memory of 2620	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	45
PID 1668 wrote to memory of 2620	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	45
PID 1668 wrote to memory of 2620	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	45
PID 1668 wrote to memory of 3008	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	46
PID 1668 wrote to memory of 3008	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	46
PID 1668 wrote to memory of 3008	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	46
PID 1668 wrote to memory of 2100	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	47
PID 1668 wrote to memory of 2100	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	47
PID 1668 wrote to memory of 2100	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	47
PID 1668 wrote to memory of 1628	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	48
PID 1668 wrote to memory of 1628	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	48
PID 1668 wrote to memory of 1628	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	48
PID 1668 wrote to memory of 1244	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	49
PID 1668 wrote to memory of 1244	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	49
PID 1668 wrote to memory of 1244	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	49
PID 1668 wrote to memory of 1888	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	50
PID 1668 wrote to memory of 1888	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	50
PID 1668 wrote to memory of 1888	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	50
PID 1668 wrote to memory of 1676	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	51
PID 1668 wrote to memory of 1676	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	51
PID 1668 wrote to memory of 1676	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	51
PID 1668 wrote to memory of 1964	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	52
PID 1668 wrote to memory of 1964	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	52
PID 1668 wrote to memory of 1964	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	52
PID 1668 wrote to memory of 1524	1668	ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe	53

C:\Users\Admin\AppData\Local\Temp\ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe
"C:\Users\Admin\AppData\Local\Temp\ac809944b5b03e9d97a96141547b3f22cee7f6fbd8c8a09d671ba16f1dbc3d02N.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\System\LJyJpdU.exe
  C:\Windows\System\LJyJpdU.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\xKFrBaY.exe
  C:\Windows\System\xKFrBaY.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\AdKkEhG.exe
  C:\Windows\System\AdKkEhG.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\oDnnxHp.exe
  C:\Windows\System\oDnnxHp.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\pCZSavD.exe
  C:\Windows\System\pCZSavD.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\FSjqaXF.exe
  C:\Windows\System\FSjqaXF.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FjillUL.exe
  C:\Windows\System\FjillUL.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\hRNwokS.exe
  C:\Windows\System\hRNwokS.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\yVdmTwK.exe
  C:\Windows\System\yVdmTwK.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\tWchBPm.exe
  C:\Windows\System\tWchBPm.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\lYGseZz.exe
  C:\Windows\System\lYGseZz.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\uzfOkzh.exe
  C:\Windows\System\uzfOkzh.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\dJqRXGp.exe
  C:\Windows\System\dJqRXGp.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\BhIFgyV.exe
  C:\Windows\System\BhIFgyV.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\WowHPkU.exe
  C:\Windows\System\WowHPkU.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\bTNErCe.exe
  C:\Windows\System\bTNErCe.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\LnsAuPN.exe
  C:\Windows\System\LnsAuPN.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\vTaNoAQ.exe
  C:\Windows\System\vTaNoAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\sIGijlm.exe
  C:\Windows\System\sIGijlm.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\DLSaOAB.exe
  C:\Windows\System\DLSaOAB.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\RuczjLw.exe
  C:\Windows\System\RuczjLw.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\yfLqhiW.exe
  C:\Windows\System\yfLqhiW.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\tdQhMjA.exe
  C:\Windows\System\tdQhMjA.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\ZGSksMX.exe
  C:\Windows\System\ZGSksMX.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\LNkhACS.exe
  C:\Windows\System\LNkhACS.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\rjYDHHW.exe
  C:\Windows\System\rjYDHHW.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\AUsTFQm.exe
  C:\Windows\System\AUsTFQm.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\OyJgYCL.exe
  C:\Windows\System\OyJgYCL.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\UYgyNbV.exe
  C:\Windows\System\UYgyNbV.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\UnFDguw.exe
  C:\Windows\System\UnFDguw.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\VByPTFD.exe
  C:\Windows\System\VByPTFD.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\GFdZvey.exe
  C:\Windows\System\GFdZvey.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\BWdfNeq.exe
  C:\Windows\System\BWdfNeq.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\ysrBUct.exe
  C:\Windows\System\ysrBUct.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\dkwVKRI.exe
  C:\Windows\System\dkwVKRI.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\aPWzsHw.exe
  C:\Windows\System\aPWzsHw.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\pxGqYqW.exe
  C:\Windows\System\pxGqYqW.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\QstQQhq.exe
  C:\Windows\System\QstQQhq.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\eUjcEIj.exe
  C:\Windows\System\eUjcEIj.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\kIRJAVk.exe
  C:\Windows\System\kIRJAVk.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\hffohdr.exe
  C:\Windows\System\hffohdr.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\ifUImxW.exe
  C:\Windows\System\ifUImxW.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\xoyYUbn.exe
  C:\Windows\System\xoyYUbn.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\uwxLact.exe
  C:\Windows\System\uwxLact.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\ounWqLM.exe
  C:\Windows\System\ounWqLM.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\ogipsdY.exe
  C:\Windows\System\ogipsdY.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\TXbxDGQ.exe
  C:\Windows\System\TXbxDGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\PAQWHyD.exe
  C:\Windows\System\PAQWHyD.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\EcRYwKK.exe
  C:\Windows\System\EcRYwKK.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\zKEOsaG.exe
  C:\Windows\System\zKEOsaG.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\AOUpHZO.exe
  C:\Windows\System\AOUpHZO.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\xvYBEDY.exe
  C:\Windows\System\xvYBEDY.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\CoMzCHn.exe
  C:\Windows\System\CoMzCHn.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\skrqluy.exe
  C:\Windows\System\skrqluy.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\OgwtOPw.exe
  C:\Windows\System\OgwtOPw.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\XDubBhC.exe
  C:\Windows\System\XDubBhC.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\sOLyDpE.exe
  C:\Windows\System\sOLyDpE.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\FimJkhK.exe
  C:\Windows\System\FimJkhK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\RKeaGuF.exe
  C:\Windows\System\RKeaGuF.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\XPUnHAN.exe
  C:\Windows\System\XPUnHAN.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\wbEwigV.exe
  C:\Windows\System\wbEwigV.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\DtBIqVT.exe
  C:\Windows\System\DtBIqVT.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\YTHPJcm.exe
  C:\Windows\System\YTHPJcm.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\TtXLATu.exe
  C:\Windows\System\TtXLATu.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\VjQtlYn.exe
  C:\Windows\System\VjQtlYn.exe
  2⤵
  PID:2444
- C:\Windows\System\hmVFTrJ.exe
  C:\Windows\System\hmVFTrJ.exe
  2⤵
  PID:2824
- C:\Windows\System\XAuKsdU.exe
  C:\Windows\System\XAuKsdU.exe
  2⤵
  PID:2468
- C:\Windows\System\vanIkKO.exe
  C:\Windows\System\vanIkKO.exe
  2⤵
  PID:2780
- C:\Windows\System\CTZeEkJ.exe
  C:\Windows\System\CTZeEkJ.exe
  2⤵
  PID:2284
- C:\Windows\System\yJMAKkG.exe
  C:\Windows\System\yJMAKkG.exe
  2⤵
  PID:2852
- C:\Windows\System\FgUETLd.exe
  C:\Windows\System\FgUETLd.exe
  2⤵
  PID:2936
- C:\Windows\System\rVnyBlO.exe
  C:\Windows\System\rVnyBlO.exe
  2⤵
  PID:2292
- C:\Windows\System\MFQIFmX.exe
  C:\Windows\System\MFQIFmX.exe
  2⤵
  PID:400
- C:\Windows\System\ZRWFhVd.exe
  C:\Windows\System\ZRWFhVd.exe
  2⤵
  PID:2192
- C:\Windows\System\aHclwcr.exe
  C:\Windows\System\aHclwcr.exe
  2⤵
  PID:2652
- C:\Windows\System\DUoXxgI.exe
  C:\Windows\System\DUoXxgI.exe
  2⤵
  PID:2416
- C:\Windows\System\LDePKBB.exe
  C:\Windows\System\LDePKBB.exe
  2⤵
  PID:668
- C:\Windows\System\gQpoCCv.exe
  C:\Windows\System\gQpoCCv.exe
  2⤵
  PID:2020
- C:\Windows\System\tIleXdK.exe
  C:\Windows\System\tIleXdK.exe
  2⤵
  PID:1204
- C:\Windows\System\xaDPEku.exe
  C:\Windows\System\xaDPEku.exe
  2⤵
  PID:1568
- C:\Windows\System\SeQutHh.exe
  C:\Windows\System\SeQutHh.exe
  2⤵
  PID:1940
- C:\Windows\System\KYnFKzf.exe
  C:\Windows\System\KYnFKzf.exe
  2⤵
  PID:1960
- C:\Windows\System\Dutwxsd.exe
  C:\Windows\System\Dutwxsd.exe
  2⤵
  PID:1248
- C:\Windows\System\zRyjOfZ.exe
  C:\Windows\System\zRyjOfZ.exe
  2⤵
  PID:1580
- C:\Windows\System\KrEIdhw.exe
  C:\Windows\System\KrEIdhw.exe
  2⤵
  PID:1616
- C:\Windows\System\jnGSnEI.exe
  C:\Windows\System\jnGSnEI.exe
  2⤵
  PID:2056
- C:\Windows\System\uYZQKZb.exe
  C:\Windows\System\uYZQKZb.exe
  2⤵
  PID:2156
- C:\Windows\System\GLZMyDe.exe
  C:\Windows\System\GLZMyDe.exe
  2⤵
  PID:2168
- C:\Windows\System\bdyOGzV.exe
  C:\Windows\System\bdyOGzV.exe
  2⤵
  PID:2352
- C:\Windows\System\CQvWwEi.exe
  C:\Windows\System\CQvWwEi.exe
  2⤵
  PID:572
- C:\Windows\System\sNnPwxv.exe
  C:\Windows\System\sNnPwxv.exe
  2⤵
  PID:884
- C:\Windows\System\EJYABgL.exe
  C:\Windows\System\EJYABgL.exe
  2⤵
  PID:524
- C:\Windows\System\QTJKEQE.exe
  C:\Windows\System\QTJKEQE.exe
  2⤵
  PID:2928
- C:\Windows\System\ARlZxfw.exe
  C:\Windows\System\ARlZxfw.exe
  2⤵
  PID:1544
- C:\Windows\System\bNtUdLt.exe
  C:\Windows\System\bNtUdLt.exe
  2⤵
  PID:2660
- C:\Windows\System\NUjysRI.exe
  C:\Windows\System\NUjysRI.exe
  2⤵
  PID:2948
- C:\Windows\System\xQNtrGE.exe
  C:\Windows\System\xQNtrGE.exe
  2⤵
  PID:2696
- C:\Windows\System\ShmahGK.exe
  C:\Windows\System\ShmahGK.exe
  2⤵
  PID:3012
- C:\Windows\System\aTEVBNO.exe
  C:\Windows\System\aTEVBNO.exe
  2⤵
  PID:2724
- C:\Windows\System\KFYexWs.exe
  C:\Windows\System\KFYexWs.exe
  2⤵
  PID:2700
- C:\Windows\System\mNSafiK.exe
  C:\Windows\System\mNSafiK.exe
  2⤵
  PID:584
- C:\Windows\System\Kegtqzi.exe
  C:\Windows\System\Kegtqzi.exe
  2⤵
  PID:2748
- C:\Windows\System\WmlcPit.exe
  C:\Windows\System\WmlcPit.exe
  2⤵
  PID:1780
- C:\Windows\System\pVbGNcH.exe
  C:\Windows\System\pVbGNcH.exe
  2⤵
  PID:1792
- C:\Windows\System\LHaGcZZ.exe
  C:\Windows\System\LHaGcZZ.exe
  2⤵
  PID:1300
- C:\Windows\System\GVboYXA.exe
  C:\Windows\System\GVboYXA.exe
  2⤵
  PID:912
- C:\Windows\System\juUiKdh.exe
  C:\Windows\System\juUiKdh.exe
  2⤵
  PID:1796
- C:\Windows\System\zWeXRLt.exe
  C:\Windows\System\zWeXRLt.exe
  2⤵
  PID:448
- C:\Windows\System\IYGiBrk.exe
  C:\Windows\System\IYGiBrk.exe
  2⤵
  PID:2440
- C:\Windows\System\HpnoPzH.exe
  C:\Windows\System\HpnoPzH.exe
  2⤵
  PID:380
- C:\Windows\System\vSOmFrp.exe
  C:\Windows\System\vSOmFrp.exe
  2⤵
  PID:1492
- C:\Windows\System\aujuOIF.exe
  C:\Windows\System\aujuOIF.exe
  2⤵
  PID:2064
- C:\Windows\System\wKfYdKl.exe
  C:\Windows\System\wKfYdKl.exe
  2⤵
  PID:2648
- C:\Windows\System\wHLZyvd.exe
  C:\Windows\System\wHLZyvd.exe
  2⤵
  PID:1760
- C:\Windows\System\mwaWliF.exe
  C:\Windows\System\mwaWliF.exe
  2⤵
  PID:2088
- C:\Windows\System\LIyceOb.exe
  C:\Windows\System\LIyceOb.exe
  2⤵
  PID:752
- C:\Windows\System\oEQcZAl.exe
  C:\Windows\System\oEQcZAl.exe
  2⤵
  PID:2612
- C:\Windows\System\CwUBqwb.exe
  C:\Windows\System\CwUBqwb.exe
  2⤵
  PID:1220
- C:\Windows\System\HwZoInw.exe
  C:\Windows\System\HwZoInw.exe
  2⤵
  PID:2592
- C:\Windows\System\NYUqTKU.exe
  C:\Windows\System\NYUqTKU.exe
  2⤵
  PID:2348
- C:\Windows\System\XMtepIw.exe
  C:\Windows\System\XMtepIw.exe
  2⤵
  PID:352
- C:\Windows\System\wODRXCn.exe
  C:\Windows\System\wODRXCn.exe
  2⤵
  PID:2564
- C:\Windows\System\mSufDfD.exe
  C:\Windows\System\mSufDfD.exe
  2⤵
  PID:856
- C:\Windows\System\VzzCdRq.exe
  C:\Windows\System\VzzCdRq.exe
  2⤵
  PID:1180
- C:\Windows\System\OWkUVus.exe
  C:\Windows\System\OWkUVus.exe
  2⤵
  PID:756
- C:\Windows\System\vrxKYhb.exe
  C:\Windows\System\vrxKYhb.exe
  2⤵
  PID:2964
- C:\Windows\System\ofIeZPD.exe
  C:\Windows\System\ofIeZPD.exe
  2⤵
  PID:304
- C:\Windows\System\fyFViOC.exe
  C:\Windows\System\fyFViOC.exe
  2⤵
  PID:2220
- C:\Windows\System\DYelOzs.exe
  C:\Windows\System\DYelOzs.exe
  2⤵
  PID:1520
- C:\Windows\System\TvXIYeR.exe
  C:\Windows\System\TvXIYeR.exe
  2⤵
  PID:1008
- C:\Windows\System\SXoFDTW.exe
  C:\Windows\System\SXoFDTW.exe
  2⤵
  PID:2332
- C:\Windows\System\YvXVkDR.exe
  C:\Windows\System\YvXVkDR.exe
  2⤵
  PID:1648
- C:\Windows\System\HVHPNXY.exe
  C:\Windows\System\HVHPNXY.exe
  2⤵
  PID:1460
- C:\Windows\System\WPZyAhV.exe
  C:\Windows\System\WPZyAhV.exe
  2⤵
  PID:2384
- C:\Windows\System\FfSzHIg.exe
  C:\Windows\System\FfSzHIg.exe
  2⤵
  PID:2544
- C:\Windows\System\KuYhCdB.exe
  C:\Windows\System\KuYhCdB.exe
  2⤵
  PID:1320
- C:\Windows\System\KGvqVGP.exe
  C:\Windows\System\KGvqVGP.exe
  2⤵
  PID:596
- C:\Windows\System\JBKenLx.exe
  C:\Windows\System\JBKenLx.exe
  2⤵
  PID:3088
- C:\Windows\System\kHkUcVU.exe
  C:\Windows\System\kHkUcVU.exe
  2⤵
  PID:3108
- C:\Windows\System\MAInoBY.exe
  C:\Windows\System\MAInoBY.exe
  2⤵
  PID:3124
- C:\Windows\System\ClVXzma.exe
  C:\Windows\System\ClVXzma.exe
  2⤵
  PID:3144
- C:\Windows\System\SHyWJpH.exe
  C:\Windows\System\SHyWJpH.exe
  2⤵
  PID:3164
- C:\Windows\System\ueCBffC.exe
  C:\Windows\System\ueCBffC.exe
  2⤵
  PID:3184
- C:\Windows\System\QyvIkmC.exe
  C:\Windows\System\QyvIkmC.exe
  2⤵
  PID:3200
- C:\Windows\System\vYgsUUz.exe
  C:\Windows\System\vYgsUUz.exe
  2⤵
  PID:3228
- C:\Windows\System\aVdXzxG.exe
  C:\Windows\System\aVdXzxG.exe
  2⤵
  PID:3244
- C:\Windows\System\LlWMbGw.exe
  C:\Windows\System\LlWMbGw.exe
  2⤵
  PID:3264
- C:\Windows\System\zECQGmS.exe
  C:\Windows\System\zECQGmS.exe
  2⤵
  PID:3284
- C:\Windows\System\tOlTGdN.exe
  C:\Windows\System\tOlTGdN.exe
  2⤵
  PID:3304
- C:\Windows\System\uyhOHTM.exe
  C:\Windows\System\uyhOHTM.exe
  2⤵
  PID:3324
- C:\Windows\System\vtXhtPB.exe
  C:\Windows\System\vtXhtPB.exe
  2⤵
  PID:3344
- C:\Windows\System\nOnWHxY.exe
  C:\Windows\System\nOnWHxY.exe
  2⤵
  PID:3364
- C:\Windows\System\pBgeNkS.exe
  C:\Windows\System\pBgeNkS.exe
  2⤵
  PID:3384
- C:\Windows\System\KutLRcl.exe
  C:\Windows\System\KutLRcl.exe
  2⤵
  PID:3408
- C:\Windows\System\RchNSpv.exe
  C:\Windows\System\RchNSpv.exe
  2⤵
  PID:3428
- C:\Windows\System\OuMrLfS.exe
  C:\Windows\System\OuMrLfS.exe
  2⤵
  PID:3444
- C:\Windows\System\RWEsHnA.exe
  C:\Windows\System\RWEsHnA.exe
  2⤵
  PID:3464
- C:\Windows\System\koVXElx.exe
  C:\Windows\System\koVXElx.exe
  2⤵
  PID:3484
- C:\Windows\System\ogtJXKB.exe
  C:\Windows\System\ogtJXKB.exe
  2⤵
  PID:3504
- C:\Windows\System\SgOsMLi.exe
  C:\Windows\System\SgOsMLi.exe
  2⤵
  PID:3524
- C:\Windows\System\wExHmmo.exe
  C:\Windows\System\wExHmmo.exe
  2⤵
  PID:3552
- C:\Windows\System\apfIVDu.exe
  C:\Windows\System\apfIVDu.exe
  2⤵
  PID:3568
- C:\Windows\System\kLlHwFA.exe
  C:\Windows\System\kLlHwFA.exe
  2⤵
  PID:3588
- C:\Windows\System\pxPtsXS.exe
  C:\Windows\System\pxPtsXS.exe
  2⤵
  PID:3612
- C:\Windows\System\QtJICVT.exe
  C:\Windows\System\QtJICVT.exe
  2⤵
  PID:3632
- C:\Windows\System\kEvpWUM.exe
  C:\Windows\System\kEvpWUM.exe
  2⤵
  PID:3648
- C:\Windows\System\iDYuDtm.exe
  C:\Windows\System\iDYuDtm.exe
  2⤵
  PID:3672
- C:\Windows\System\qOSAlRy.exe
  C:\Windows\System\qOSAlRy.exe
  2⤵
  PID:3692
- C:\Windows\System\AGVfhrd.exe
  C:\Windows\System\AGVfhrd.exe
  2⤵
  PID:3712
- C:\Windows\System\nvAfYAR.exe
  C:\Windows\System\nvAfYAR.exe
  2⤵
  PID:3732
- C:\Windows\System\pQxmcNo.exe
  C:\Windows\System\pQxmcNo.exe
  2⤵
  PID:3752
- C:\Windows\System\XTaTsaC.exe
  C:\Windows\System\XTaTsaC.exe
  2⤵
  PID:3772
- C:\Windows\System\hqvxGeV.exe
  C:\Windows\System\hqvxGeV.exe
  2⤵
  PID:3792
- C:\Windows\System\dVUzqdI.exe
  C:\Windows\System\dVUzqdI.exe
  2⤵
  PID:3812
- C:\Windows\System\CYhLsVc.exe
  C:\Windows\System\CYhLsVc.exe
  2⤵
  PID:3832
- C:\Windows\System\NIUYXVr.exe
  C:\Windows\System\NIUYXVr.exe
  2⤵
  PID:3852
- C:\Windows\System\TvJvWPC.exe
  C:\Windows\System\TvJvWPC.exe
  2⤵
  PID:3872
- C:\Windows\System\PJtKbVA.exe
  C:\Windows\System\PJtKbVA.exe
  2⤵
  PID:3892
- C:\Windows\System\oLKJixQ.exe
  C:\Windows\System\oLKJixQ.exe
  2⤵
  PID:3912
- C:\Windows\System\DbhnCtj.exe
  C:\Windows\System\DbhnCtj.exe
  2⤵
  PID:3928
- C:\Windows\System\sBOMAjA.exe
  C:\Windows\System\sBOMAjA.exe
  2⤵
  PID:3948
- C:\Windows\System\DSlikzK.exe
  C:\Windows\System\DSlikzK.exe
  2⤵
  PID:3972
- C:\Windows\System\fiHxHwK.exe
  C:\Windows\System\fiHxHwK.exe
  2⤵
  PID:3992
- C:\Windows\System\NrojbVO.exe
  C:\Windows\System\NrojbVO.exe
  2⤵
  PID:4012
- C:\Windows\System\thLbhwW.exe
  C:\Windows\System\thLbhwW.exe
  2⤵
  PID:4032
- C:\Windows\System\IiVzFJB.exe
  C:\Windows\System\IiVzFJB.exe
  2⤵
  PID:4048
- C:\Windows\System\IqYuSCS.exe
  C:\Windows\System\IqYuSCS.exe
  2⤵
  PID:4068
- C:\Windows\System\OqPJPyp.exe
  C:\Windows\System\OqPJPyp.exe
  2⤵
  PID:4088
- C:\Windows\System\SVScDSn.exe
  C:\Windows\System\SVScDSn.exe
  2⤵
  PID:2844
- C:\Windows\System\yIZfbxu.exe
  C:\Windows\System\yIZfbxu.exe
  2⤵
  PID:1552
- C:\Windows\System\ipiJKWX.exe
  C:\Windows\System\ipiJKWX.exe
  2⤵
  PID:1056
- C:\Windows\System\ZZGUILy.exe
  C:\Windows\System\ZZGUILy.exe
  2⤵
  PID:1896
- C:\Windows\System\sLFZcME.exe
  C:\Windows\System\sLFZcME.exe
  2⤵
  PID:1376
- C:\Windows\System\Cobiflh.exe
  C:\Windows\System\Cobiflh.exe
  2⤵
  PID:1052
- C:\Windows\System\jDZmlQw.exe
  C:\Windows\System\jDZmlQw.exe
  2⤵
  PID:2120
- C:\Windows\System\BTPeuji.exe
  C:\Windows\System\BTPeuji.exe
  2⤵
  PID:3180
- C:\Windows\System\mcuiRBq.exe
  C:\Windows\System\mcuiRBq.exe
  2⤵
  PID:3116
- C:\Windows\System\UoCgCDz.exe
  C:\Windows\System\UoCgCDz.exe
  2⤵
  PID:3224
- C:\Windows\System\AJVSHpe.exe
  C:\Windows\System\AJVSHpe.exe
  2⤵
  PID:3160
- C:\Windows\System\qsSHpMo.exe
  C:\Windows\System\qsSHpMo.exe
  2⤵
  PID:3296
- C:\Windows\System\fjKPmFw.exe
  C:\Windows\System\fjKPmFw.exe
  2⤵
  PID:3152
- C:\Windows\System\byEmBXB.exe
  C:\Windows\System\byEmBXB.exe
  2⤵
  PID:3336
- C:\Windows\System\nsmUwdF.exe
  C:\Windows\System\nsmUwdF.exe
  2⤵
  PID:3236
- C:\Windows\System\vadHESj.exe
  C:\Windows\System\vadHESj.exe
  2⤵
  PID:3280
- C:\Windows\System\GAJEcWK.exe
  C:\Windows\System\GAJEcWK.exe
  2⤵
  PID:3424
- C:\Windows\System\IfjtWiu.exe
  C:\Windows\System\IfjtWiu.exe
  2⤵
  PID:3456
- C:\Windows\System\bHcvcRb.exe
  C:\Windows\System\bHcvcRb.exe
  2⤵
  PID:3360
- C:\Windows\System\RHGPvVy.exe
  C:\Windows\System\RHGPvVy.exe
  2⤵
  PID:3400
- C:\Windows\System\wMxVEpP.exe
  C:\Windows\System\wMxVEpP.exe
  2⤵
  PID:3536
- C:\Windows\System\voKvspu.exe
  C:\Windows\System\voKvspu.exe
  2⤵
  PID:3436
- C:\Windows\System\AgFZbiP.exe
  C:\Windows\System\AgFZbiP.exe
  2⤵
  PID:3516
- C:\Windows\System\pHaQEKq.exe
  C:\Windows\System\pHaQEKq.exe
  2⤵
  PID:3576
- C:\Windows\System\ddsDGbF.exe
  C:\Windows\System\ddsDGbF.exe
  2⤵
  PID:3628
- C:\Windows\System\hLNioeB.exe
  C:\Windows\System\hLNioeB.exe
  2⤵
  PID:3600
- C:\Windows\System\SMRDIaY.exe
  C:\Windows\System\SMRDIaY.exe
  2⤵
  PID:3656
- C:\Windows\System\hEGOMqS.exe
  C:\Windows\System\hEGOMqS.exe
  2⤵
  PID:3644
- C:\Windows\System\SzCbRCR.exe
  C:\Windows\System\SzCbRCR.exe
  2⤵
  PID:3688
- C:\Windows\System\zFoyEmF.exe
  C:\Windows\System\zFoyEmF.exe
  2⤵
  PID:3740
- C:\Windows\System\ErdtAoI.exe
  C:\Windows\System\ErdtAoI.exe
  2⤵
  PID:3744
- C:\Windows\System\mSfiKTW.exe
  C:\Windows\System\mSfiKTW.exe
  2⤵
  PID:3760
- C:\Windows\System\TWpUIpb.exe
  C:\Windows\System\TWpUIpb.exe
  2⤵
  PID:3768
- C:\Windows\System\CnBYfcx.exe
  C:\Windows\System\CnBYfcx.exe
  2⤵
  PID:3800
- C:\Windows\System\sycVfGc.exe
  C:\Windows\System\sycVfGc.exe
  2⤵
  PID:3828
- C:\Windows\System\rJIAvfk.exe
  C:\Windows\System\rJIAvfk.exe
  2⤵
  PID:3848
- C:\Windows\System\vjdovab.exe
  C:\Windows\System\vjdovab.exe
  2⤵
  PID:3904
- C:\Windows\System\zHCAlvD.exe
  C:\Windows\System\zHCAlvD.exe
  2⤵
  PID:3880
- C:\Windows\System\zbZHFTW.exe
  C:\Windows\System\zbZHFTW.exe
  2⤵
  PID:3988
- C:\Windows\System\vYhkBYa.exe
  C:\Windows\System\vYhkBYa.exe
  2⤵
  PID:4024
- C:\Windows\System\fGCooKL.exe
  C:\Windows\System\fGCooKL.exe
  2⤵
  PID:3924
- C:\Windows\System\EkTcHTV.exe
  C:\Windows\System\EkTcHTV.exe
  2⤵
  PID:1420
- C:\Windows\System\IGOBIAt.exe
  C:\Windows\System\IGOBIAt.exe
  2⤵
  PID:3964
- C:\Windows\System\UwookdS.exe
  C:\Windows\System\UwookdS.exe
  2⤵
  PID:2368
- C:\Windows\System\RkUUGdw.exe
  C:\Windows\System\RkUUGdw.exe
  2⤵
  PID:4044
- C:\Windows\System\BasbbLf.exe
  C:\Windows\System\BasbbLf.exe
  2⤵
  PID:4076
- C:\Windows\System\BTtHSwD.exe
  C:\Windows\System\BTtHSwD.exe
  2⤵
  PID:2608
- C:\Windows\System\SfLfdqy.exe
  C:\Windows\System\SfLfdqy.exe
  2⤵
  PID:2680
- C:\Windows\System\sZbpqLZ.exe
  C:\Windows\System\sZbpqLZ.exe
  2⤵
  PID:1948
- C:\Windows\System\GTxFvob.exe
  C:\Windows\System\GTxFvob.exe
  2⤵
  PID:2760
- C:\Windows\System\gAtrkzt.exe
  C:\Windows\System\gAtrkzt.exe
  2⤵
  PID:3140
- C:\Windows\System\uigwYkF.exe
  C:\Windows\System\uigwYkF.exe
  2⤵
  PID:840
- C:\Windows\System\iCjnJNd.exe
  C:\Windows\System\iCjnJNd.exe
  2⤵
  PID:2912
- C:\Windows\System\XAccvvU.exe
  C:\Windows\System\XAccvvU.exe
  2⤵
  PID:1596
- C:\Windows\System\Mropizv.exe
  C:\Windows\System\Mropizv.exe
  2⤵
  PID:3104
- C:\Windows\System\LcHRSiC.exe
  C:\Windows\System\LcHRSiC.exe
  2⤵
  PID:3172
- C:\Windows\System\MuDxBde.exe
  C:\Windows\System\MuDxBde.exe
  2⤵
  PID:3260
- C:\Windows\System\senAjTD.exe
  C:\Windows\System\senAjTD.exe
  2⤵
  PID:3156
- C:\Windows\System\erUDwpL.exe
  C:\Windows\System\erUDwpL.exe
  2⤵
  PID:3376
- C:\Windows\System\SirCrHE.exe
  C:\Windows\System\SirCrHE.exe
  2⤵
  PID:3276
- C:\Windows\System\qIlSCQK.exe
  C:\Windows\System\qIlSCQK.exe
  2⤵
  PID:3356
- C:\Windows\System\CXKqWrf.exe
  C:\Windows\System\CXKqWrf.exe
  2⤵
  PID:3396
- C:\Windows\System\vAZPpIh.exe
  C:\Windows\System\vAZPpIh.exe
  2⤵
  PID:3476
- C:\Windows\System\yHqEzdL.exe
  C:\Windows\System\yHqEzdL.exe
  2⤵
  PID:3512
- C:\Windows\System\fVGPQWb.exe
  C:\Windows\System\fVGPQWb.exe
  2⤵
  PID:3564
- C:\Windows\System\ssZYkyH.exe
  C:\Windows\System\ssZYkyH.exe
  2⤵
  PID:3680
- C:\Windows\System\wGzjBJw.exe
  C:\Windows\System\wGzjBJw.exe
  2⤵
  PID:3728
- C:\Windows\System\fMVtkHi.exe
  C:\Windows\System\fMVtkHi.exe
  2⤵
  PID:3784
- C:\Windows\System\EFTgXNx.exe
  C:\Windows\System\EFTgXNx.exe
  2⤵
  PID:3808
- C:\Windows\System\GetxqqO.exe
  C:\Windows\System\GetxqqO.exe
  2⤵
  PID:3900
- C:\Windows\System\BYEBeje.exe
  C:\Windows\System\BYEBeje.exe
  2⤵
  PID:3944
- C:\Windows\System\xVUGVdu.exe
  C:\Windows\System\xVUGVdu.exe
  2⤵
  PID:3960
- C:\Windows\System\hAlalOx.exe
  C:\Windows\System\hAlalOx.exe
  2⤵
  PID:3968
- C:\Windows\System\HfYVSaK.exe
  C:\Windows\System\HfYVSaK.exe
  2⤵
  PID:4008
- C:\Windows\System\uagYVii.exe
  C:\Windows\System\uagYVii.exe
  2⤵
  PID:4084
- C:\Windows\System\rGXWMNb.exe
  C:\Windows\System\rGXWMNb.exe
  2⤵
  PID:1548
- C:\Windows\System\vKpgMyU.exe
  C:\Windows\System\vKpgMyU.exe
  2⤵
  PID:2428
- C:\Windows\System\qHYuydU.exe
  C:\Windows\System\qHYuydU.exe
  2⤵
  PID:3404
- C:\Windows\System\MaGiCfC.exe
  C:\Windows\System\MaGiCfC.exe
  2⤵
  PID:2580
- C:\Windows\System\SnpuNVg.exe
  C:\Windows\System\SnpuNVg.exe
  2⤵
  PID:3212
- C:\Windows\System\rzMrkZG.exe
  C:\Windows\System\rzMrkZG.exe
  2⤵
  PID:3352
- C:\Windows\System\FvkjfTm.exe
  C:\Windows\System\FvkjfTm.exe
  2⤵
  PID:3540
- C:\Windows\System\aHtdrgT.exe
  C:\Windows\System\aHtdrgT.exe
  2⤵
  PID:2664
- C:\Windows\System\WgGLuYC.exe
  C:\Windows\System\WgGLuYC.exe
  2⤵
  PID:3884
- C:\Windows\System\MKBzOHx.exe
  C:\Windows\System\MKBzOHx.exe
  2⤵
  PID:2692
- C:\Windows\System\NLJIzzC.exe
  C:\Windows\System\NLJIzzC.exe
  2⤵
  PID:3020
- C:\Windows\System\rQSALKn.exe
  C:\Windows\System\rQSALKn.exe
  2⤵
  PID:3620
- C:\Windows\System\uwTADDA.exe
  C:\Windows\System\uwTADDA.exe
  2⤵
  PID:3660
- C:\Windows\System\uwWBNhu.exe
  C:\Windows\System\uwWBNhu.exe
  2⤵
  PID:4028
- C:\Windows\System\LHYtmOJ.exe
  C:\Windows\System\LHYtmOJ.exe
  2⤵
  PID:3136
- C:\Windows\System\ROaUZmq.exe
  C:\Windows\System\ROaUZmq.exe
  2⤵
  PID:2312
- C:\Windows\System\EEXbrpF.exe
  C:\Windows\System\EEXbrpF.exe
  2⤵
  PID:356
- C:\Windows\System\DooSuZG.exe
  C:\Windows\System\DooSuZG.exe
  2⤵
  PID:3840
- C:\Windows\System\RcySXYB.exe
  C:\Windows\System\RcySXYB.exe
  2⤵
  PID:2372
- C:\Windows\System\wyCaMpJ.exe
  C:\Windows\System\wyCaMpJ.exe
  2⤵
  PID:1924
- C:\Windows\System\WUrwPvw.exe
  C:\Windows\System\WUrwPvw.exe
  2⤵
  PID:2900
- C:\Windows\System\OHwVRlv.exe
  C:\Windows\System\OHwVRlv.exe
  2⤵
  PID:3496
- C:\Windows\System\jgNVgXv.exe
  C:\Windows\System\jgNVgXv.exe
  2⤵
  PID:3820
- C:\Windows\System\PuYtseQ.exe
  C:\Windows\System\PuYtseQ.exe
  2⤵
  PID:2232
- C:\Windows\System\iKMyteS.exe
  C:\Windows\System\iKMyteS.exe
  2⤵
  PID:280
- C:\Windows\System\pYiJxIj.exe
  C:\Windows\System\pYiJxIj.exe
  2⤵
  PID:2336
- C:\Windows\System\KtHyDBn.exe
  C:\Windows\System\KtHyDBn.exe
  2⤵
  PID:3452
- C:\Windows\System\ogmsawI.exe
  C:\Windows\System\ogmsawI.exe
  2⤵
  PID:2856
- C:\Windows\System\lWMOmOJ.exe
  C:\Windows\System\lWMOmOJ.exe
  2⤵
  PID:2376
- C:\Windows\System\wsVptyw.exe
  C:\Windows\System\wsVptyw.exe
  2⤵
  PID:1512
- C:\Windows\System\ATufOiL.exe
  C:\Windows\System\ATufOiL.exe
  2⤵
  PID:3472
- C:\Windows\System\qoFfqEO.exe
  C:\Windows\System\qoFfqEO.exe
  2⤵
  PID:1832
- C:\Windows\System\oSUGmEN.exe
  C:\Windows\System\oSUGmEN.exe
  2⤵
  PID:2360
- C:\Windows\System\wYoRFHA.exe
  C:\Windows\System\wYoRFHA.exe
  2⤵
  PID:2536
- C:\Windows\System\cFFkeVd.exe
  C:\Windows\System\cFFkeVd.exe
  2⤵
  PID:4120
- C:\Windows\System\eDqySue.exe
  C:\Windows\System\eDqySue.exe
  2⤵
  PID:4156
- C:\Windows\System\MNoGGGw.exe
  C:\Windows\System\MNoGGGw.exe
  2⤵
  PID:4224
- C:\Windows\System\TVQCeDS.exe
  C:\Windows\System\TVQCeDS.exe
  2⤵
  PID:4240
- C:\Windows\System\TcSjpLB.exe
  C:\Windows\System\TcSjpLB.exe
  2⤵
  PID:4256
- C:\Windows\System\JnUnBOQ.exe
  C:\Windows\System\JnUnBOQ.exe
  2⤵
  PID:4272
- C:\Windows\System\IiZxsOT.exe
  C:\Windows\System\IiZxsOT.exe
  2⤵
  PID:4300
- C:\Windows\System\TAKZxYC.exe
  C:\Windows\System\TAKZxYC.exe
  2⤵
  PID:4316
- C:\Windows\System\PHqgmeL.exe
  C:\Windows\System\PHqgmeL.exe
  2⤵
  PID:4332
- C:\Windows\System\FfBryTf.exe
  C:\Windows\System\FfBryTf.exe
  2⤵
  PID:4348
- C:\Windows\System\uNiToGv.exe
  C:\Windows\System\uNiToGv.exe
  2⤵
  PID:4368
- C:\Windows\System\eEtPiGp.exe
  C:\Windows\System\eEtPiGp.exe
  2⤵
  PID:4384
- C:\Windows\System\DuoxIXO.exe
  C:\Windows\System\DuoxIXO.exe
  2⤵
  PID:4400
- C:\Windows\System\AaSUNrp.exe
  C:\Windows\System\AaSUNrp.exe
  2⤵
  PID:4452
- C:\Windows\System\ESXuSHL.exe
  C:\Windows\System\ESXuSHL.exe
  2⤵
  PID:4468
- C:\Windows\System\OyoyIlo.exe
  C:\Windows\System\OyoyIlo.exe
  2⤵
  PID:4496
- C:\Windows\System\AQxXvEB.exe
  C:\Windows\System\AQxXvEB.exe
  2⤵
  PID:4512
- C:\Windows\System\bykxzcZ.exe
  C:\Windows\System\bykxzcZ.exe
  2⤵
  PID:4528
- C:\Windows\System\xzSCAHW.exe
  C:\Windows\System\xzSCAHW.exe
  2⤵
  PID:4544
- C:\Windows\System\NWsHYzK.exe
  C:\Windows\System\NWsHYzK.exe
  2⤵
  PID:4576
- C:\Windows\System\pylFxLK.exe
  C:\Windows\System\pylFxLK.exe
  2⤵
  PID:4592
- C:\Windows\System\RqZdwyw.exe
  C:\Windows\System\RqZdwyw.exe
  2⤵
  PID:4608
- C:\Windows\System\aXessxP.exe
  C:\Windows\System\aXessxP.exe
  2⤵
  PID:4624
- C:\Windows\System\ICOzgCd.exe
  C:\Windows\System\ICOzgCd.exe
  2⤵
  PID:4644
- C:\Windows\System\HMVBART.exe
  C:\Windows\System\HMVBART.exe
  2⤵
  PID:4664
- C:\Windows\System\UZhhGVd.exe
  C:\Windows\System\UZhhGVd.exe
  2⤵
  PID:4684
- C:\Windows\System\fKkCknv.exe
  C:\Windows\System\fKkCknv.exe
  2⤵
  PID:4704
- C:\Windows\System\KUlgzFg.exe
  C:\Windows\System\KUlgzFg.exe
  2⤵
  PID:4720
- C:\Windows\System\YBFqbOz.exe
  C:\Windows\System\YBFqbOz.exe
  2⤵
  PID:4760
- C:\Windows\System\npXGUUY.exe
  C:\Windows\System\npXGUUY.exe
  2⤵
  PID:4780
- C:\Windows\System\BFeeCxH.exe
  C:\Windows\System\BFeeCxH.exe
  2⤵
  PID:4800
- C:\Windows\System\VYMALKl.exe
  C:\Windows\System\VYMALKl.exe
  2⤵
  PID:4824
- C:\Windows\System\KdSNGms.exe
  C:\Windows\System\KdSNGms.exe
  2⤵
  PID:4840
- C:\Windows\System\BAgmIcP.exe
  C:\Windows\System\BAgmIcP.exe
  2⤵
  PID:4856
- C:\Windows\System\oSymELL.exe
  C:\Windows\System\oSymELL.exe
  2⤵
  PID:4872
- C:\Windows\System\hXAnraj.exe
  C:\Windows\System\hXAnraj.exe
  2⤵
  PID:4888
- C:\Windows\System\ANaomRU.exe
  C:\Windows\System\ANaomRU.exe
  2⤵
  PID:4904
- C:\Windows\System\xRXrzTq.exe
  C:\Windows\System\xRXrzTq.exe
  2⤵
  PID:4920
- C:\Windows\System\BNoZbhL.exe
  C:\Windows\System\BNoZbhL.exe
  2⤵
  PID:4940
- C:\Windows\System\jQuHwix.exe
  C:\Windows\System\jQuHwix.exe
  2⤵
  PID:4964
- C:\Windows\System\VyBjCAJ.exe
  C:\Windows\System\VyBjCAJ.exe
  2⤵
  PID:4980
- C:\Windows\System\mYdsavS.exe
  C:\Windows\System\mYdsavS.exe
  2⤵
  PID:4996
- C:\Windows\System\XjDMjsw.exe
  C:\Windows\System\XjDMjsw.exe
  2⤵
  PID:5012
- C:\Windows\System\wdaYzAL.exe
  C:\Windows\System\wdaYzAL.exe
  2⤵
  PID:5028
- C:\Windows\System\UOUkFKr.exe
  C:\Windows\System\UOUkFKr.exe
  2⤵
  PID:5044
- C:\Windows\System\nHwJLuh.exe
  C:\Windows\System\nHwJLuh.exe
  2⤵
  PID:5068
- C:\Windows\System\BIPiSWD.exe
  C:\Windows\System\BIPiSWD.exe
  2⤵
  PID:5084
- C:\Windows\System\nbvqlgd.exe
  C:\Windows\System\nbvqlgd.exe
  2⤵
  PID:5100
- C:\Windows\System\UgiohgB.exe
  C:\Windows\System\UgiohgB.exe
  2⤵
  PID:5116
- C:\Windows\System\UyGZYhj.exe
  C:\Windows\System\UyGZYhj.exe
  2⤵
  PID:4136
- C:\Windows\System\hmniIEd.exe
  C:\Windows\System\hmniIEd.exe
  2⤵
  PID:4232
- C:\Windows\System\rMhAVMS.exe
  C:\Windows\System\rMhAVMS.exe
  2⤵
  PID:4340
- C:\Windows\System\sAlpKHr.exe
  C:\Windows\System\sAlpKHr.exe
  2⤵
  PID:4420
- C:\Windows\System\GFjJaiz.exe
  C:\Windows\System\GFjJaiz.exe
  2⤵
  PID:4188
- C:\Windows\System\GsySiYk.exe
  C:\Windows\System\GsySiYk.exe
  2⤵
  PID:4204
- C:\Windows\System\SQrZoSW.exe
  C:\Windows\System\SQrZoSW.exe
  2⤵
  PID:2836
- C:\Windows\System\FoPdVOA.exe
  C:\Windows\System\FoPdVOA.exe
  2⤵
  PID:4444
- C:\Windows\System\SiCTGPf.exe
  C:\Windows\System\SiCTGPf.exe
  2⤵
  PID:408
- C:\Windows\System\pCSDYwx.exe
  C:\Windows\System\pCSDYwx.exe
  2⤵
  PID:3076
- C:\Windows\System\tHvAtgZ.exe
  C:\Windows\System\tHvAtgZ.exe
  2⤵
  PID:1296
- C:\Windows\System\uACmlFI.exe
  C:\Windows\System\uACmlFI.exe
  2⤵
  PID:4112
- C:\Windows\System\yZMBCsJ.exe
  C:\Windows\System\yZMBCsJ.exe
  2⤵
  PID:4412
- C:\Windows\System\VZytrVN.exe
  C:\Windows\System\VZytrVN.exe
  2⤵
  PID:4392
- C:\Windows\System\rbXBgTT.exe
  C:\Windows\System\rbXBgTT.exe
  2⤵
  PID:4488
- C:\Windows\System\thcYHCH.exe
  C:\Windows\System\thcYHCH.exe
  2⤵
  PID:4284
- C:\Windows\System\UTZKdeu.exe
  C:\Windows\System\UTZKdeu.exe
  2⤵
  PID:4324
- C:\Windows\System\KGYRlgI.exe
  C:\Windows\System\KGYRlgI.exe
  2⤵
  PID:4568
- C:\Windows\System\cdkeEKq.exe
  C:\Windows\System\cdkeEKq.exe
  2⤵
  PID:4560
- C:\Windows\System\iTfcsvV.exe
  C:\Windows\System\iTfcsvV.exe
  2⤵
  PID:4604
- C:\Windows\System\BxUqrmh.exe
  C:\Windows\System\BxUqrmh.exe
  2⤵
  PID:4676
- C:\Windows\System\oCJMvuZ.exe
  C:\Windows\System\oCJMvuZ.exe
  2⤵
  PID:4656
- C:\Windows\System\QpJcCHB.exe
  C:\Windows\System\QpJcCHB.exe
  2⤵
  PID:4536
- C:\Windows\System\BjqOYRD.exe
  C:\Windows\System\BjqOYRD.exe
  2⤵
  PID:4616
- C:\Windows\System\nLzuAmO.exe
  C:\Windows\System\nLzuAmO.exe
  2⤵
  PID:4696
- C:\Windows\System\ZoURmsC.exe
  C:\Windows\System\ZoURmsC.exe
  2⤵
  PID:4740
- C:\Windows\System\crikmZY.exe
  C:\Windows\System\crikmZY.exe
  2⤵
  PID:4792
- C:\Windows\System\uEadBwz.exe
  C:\Windows\System\uEadBwz.exe
  2⤵
  PID:4848
- C:\Windows\System\OVocomC.exe
  C:\Windows\System\OVocomC.exe
  2⤵
  PID:4912
- C:\Windows\System\DKOwxWR.exe
  C:\Windows\System\DKOwxWR.exe
  2⤵
  PID:4960
- C:\Windows\System\NjadrGA.exe
  C:\Windows\System\NjadrGA.exe
  2⤵
  PID:5108
- C:\Windows\System\UXGGKbr.exe
  C:\Windows\System\UXGGKbr.exe
  2⤵
  PID:4900
- C:\Windows\System\MYJRhHI.exe
  C:\Windows\System\MYJRhHI.exe
  2⤵
  PID:4952
- C:\Windows\System\ARGoGzQ.exe
  C:\Windows\System\ARGoGzQ.exe
  2⤵
  PID:5020
- C:\Windows\System\QPYdgTu.exe
  C:\Windows\System\QPYdgTu.exe
  2⤵
  PID:5092
- C:\Windows\System\BMGNDaT.exe
  C:\Windows\System\BMGNDaT.exe
  2⤵
  PID:1800
- C:\Windows\System\FAzWlbF.exe
  C:\Windows\System\FAzWlbF.exe
  2⤵
  PID:4428
- C:\Windows\System\rXNoTir.exe
  C:\Windows\System\rXNoTir.exe
  2⤵
  PID:4176
- C:\Windows\System\upkZxhf.exe
  C:\Windows\System\upkZxhf.exe
  2⤵
  PID:4208
- C:\Windows\System\JbsXhoH.exe
  C:\Windows\System\JbsXhoH.exe
  2⤵
  PID:2624
- C:\Windows\System\AfPTZqP.exe
  C:\Windows\System\AfPTZqP.exe
  2⤵
  PID:3380
- C:\Windows\System\NCJWNZL.exe
  C:\Windows\System\NCJWNZL.exe
  2⤵
  PID:4864
- C:\Windows\System\wVToNrn.exe
  C:\Windows\System\wVToNrn.exe
  2⤵
  PID:4148
- C:\Windows\System\MWXPIlL.exe
  C:\Windows\System\MWXPIlL.exe
  2⤵
  PID:4200
- C:\Windows\System\HDmXIDB.exe
  C:\Windows\System\HDmXIDB.exe
  2⤵
  PID:4480
- C:\Windows\System\EkHUzoX.exe
  C:\Windows\System\EkHUzoX.exe
  2⤵
  PID:4504
- C:\Windows\System\fUIEUAF.exe
  C:\Windows\System\fUIEUAF.exe
  2⤵
  PID:4104
- C:\Windows\System\DTDBpep.exe
  C:\Windows\System\DTDBpep.exe
  2⤵
  PID:4364
- C:\Windows\System\YOZDBct.exe
  C:\Windows\System\YOZDBct.exe
  2⤵
  PID:4692
- C:\Windows\System\FFXsfLA.exe
  C:\Windows\System\FFXsfLA.exe
  2⤵
  PID:1528
- C:\Windows\System\wLTxhyk.exe
  C:\Windows\System\wLTxhyk.exe
  2⤵
  PID:4464
- C:\Windows\System\niLaljF.exe
  C:\Windows\System\niLaljF.exe
  2⤵
  PID:4564
- C:\Windows\System\LWAAHXW.exe
  C:\Windows\System\LWAAHXW.exe
  2⤵
  PID:4716
- C:\Windows\System\NYNNsVT.exe
  C:\Windows\System\NYNNsVT.exe
  2⤵
  PID:4880
- C:\Windows\System\xgzfcKL.exe
  C:\Windows\System\xgzfcKL.exe
  2⤵
  PID:5076
- C:\Windows\System\xWMscQF.exe
  C:\Windows\System\xWMscQF.exe
  2⤵
  PID:5056
- C:\Windows\System\fhjDcki.exe
  C:\Windows\System\fhjDcki.exe
  2⤵
  PID:4184
- C:\Windows\System\fygEtWm.exe
  C:\Windows\System\fygEtWm.exe
  2⤵
  PID:4252
- C:\Windows\System\rOrhBbY.exe
  C:\Windows\System\rOrhBbY.exe
  2⤵
  PID:4060
- C:\Windows\System\cbPuNvb.exe
  C:\Windows\System\cbPuNvb.exe
  2⤵
  PID:1880
- C:\Windows\System\QTeZbzr.exe
  C:\Windows\System\QTeZbzr.exe
  2⤵
  PID:4448
- C:\Windows\System\eYYDTiK.exe
  C:\Windows\System\eYYDTiK.exe
  2⤵
  PID:4132
- C:\Windows\System\GJphAjG.exe
  C:\Windows\System\GJphAjG.exe
  2⤵
  PID:4236
- C:\Windows\System\JEMoGyx.exe
  C:\Windows\System\JEMoGyx.exe
  2⤵
  PID:4836
- C:\Windows\System\GHouynM.exe
  C:\Windows\System\GHouynM.exe
  2⤵
  PID:4484
- C:\Windows\System\PyPUrif.exe
  C:\Windows\System\PyPUrif.exe
  2⤵
  PID:4328
- C:\Windows\System\UNMlEGq.exe
  C:\Windows\System\UNMlEGq.exe
  2⤵
  PID:4808
- C:\Windows\System\MGeBJzZ.exe
  C:\Windows\System\MGeBJzZ.exe
  2⤵
  PID:4640
- C:\Windows\System\DDzgJTc.exe
  C:\Windows\System\DDzgJTc.exe
  2⤵
  PID:4768
- C:\Windows\System\zuqXHwb.exe
  C:\Windows\System\zuqXHwb.exe
  2⤵
  PID:4976
- C:\Windows\System\CaPescz.exe
  C:\Windows\System\CaPescz.exe
  2⤵
  PID:4732
- C:\Windows\System\enQWteZ.exe
  C:\Windows\System\enQWteZ.exe
  2⤵
  PID:4820
- C:\Windows\System\sYMIgle.exe
  C:\Windows\System\sYMIgle.exe
  2⤵
  PID:4868
- C:\Windows\System\AdVxcrk.exe
  C:\Windows\System\AdVxcrk.exe
  2⤵
  PID:2184
- C:\Windows\System\feiQkBu.exe
  C:\Windows\System\feiQkBu.exe
  2⤵
  PID:4168
- C:\Windows\System\YMJoVau.exe
  C:\Windows\System\YMJoVau.exe
  2⤵
  PID:5132
- C:\Windows\System\ywviqRT.exe
  C:\Windows\System\ywviqRT.exe
  2⤵
  PID:5148
- C:\Windows\System\TpGiMJY.exe
  C:\Windows\System\TpGiMJY.exe
  2⤵
  PID:5212
- C:\Windows\System\gNHFpnY.exe
  C:\Windows\System\gNHFpnY.exe
  2⤵
  PID:5264
- C:\Windows\System\LKmZgNt.exe
  C:\Windows\System\LKmZgNt.exe
  2⤵
  PID:5284
- C:\Windows\System\PIjoMep.exe
  C:\Windows\System\PIjoMep.exe
  2⤵
  PID:5300
- C:\Windows\System\HGlABty.exe
  C:\Windows\System\HGlABty.exe
  2⤵
  PID:5316
- C:\Windows\System\qqePqrP.exe
  C:\Windows\System\qqePqrP.exe
  2⤵
  PID:5336
- C:\Windows\System\gVNxhYa.exe
  C:\Windows\System\gVNxhYa.exe
  2⤵
  PID:5352
- C:\Windows\System\ptMJPXQ.exe
  C:\Windows\System\ptMJPXQ.exe
  2⤵
  PID:5372
- C:\Windows\System\YaiMJdI.exe
  C:\Windows\System\YaiMJdI.exe
  2⤵
  PID:5388
- C:\Windows\System\vkriRXj.exe
  C:\Windows\System\vkriRXj.exe
  2⤵
  PID:5404
- C:\Windows\System\QAkNaCL.exe
  C:\Windows\System\QAkNaCL.exe
  2⤵
  PID:5428
- C:\Windows\System\GFcLicO.exe
  C:\Windows\System\GFcLicO.exe
  2⤵
  PID:5444
- C:\Windows\System\ClTuCyf.exe
  C:\Windows\System\ClTuCyf.exe
  2⤵
  PID:5460
- C:\Windows\System\oetyQDf.exe
  C:\Windows\System\oetyQDf.exe
  2⤵
  PID:5476
- C:\Windows\System\XUsaIBO.exe
  C:\Windows\System\XUsaIBO.exe
  2⤵
  PID:5492
- C:\Windows\System\uFalkFl.exe
  C:\Windows\System\uFalkFl.exe
  2⤵
  PID:5516
- C:\Windows\System\jvvnSkM.exe
  C:\Windows\System\jvvnSkM.exe
  2⤵
  PID:5544
- C:\Windows\System\QSJELAz.exe
  C:\Windows\System\QSJELAz.exe
  2⤵
  PID:5564
- C:\Windows\System\VhJWdxB.exe
  C:\Windows\System\VhJWdxB.exe
  2⤵
  PID:5584
- C:\Windows\System\LfYGpFz.exe
  C:\Windows\System\LfYGpFz.exe
  2⤵
  PID:5600
- C:\Windows\System\VqmRFmg.exe
  C:\Windows\System\VqmRFmg.exe
  2⤵
  PID:5616
- C:\Windows\System\spKICOi.exe
  C:\Windows\System\spKICOi.exe
  2⤵
  PID:5636
- C:\Windows\System\MTSNjIS.exe
  C:\Windows\System\MTSNjIS.exe
  2⤵
  PID:5656
- C:\Windows\System\MZknqMh.exe
  C:\Windows\System\MZknqMh.exe
  2⤵
  PID:5672
- C:\Windows\System\wEeepas.exe
  C:\Windows\System\wEeepas.exe
  2⤵
  PID:5688
- C:\Windows\System\snjnfQT.exe
  C:\Windows\System\snjnfQT.exe
  2⤵
  PID:5704
- C:\Windows\System\kvQDBMk.exe
  C:\Windows\System\kvQDBMk.exe
  2⤵
  PID:5724
- C:\Windows\System\iZwCgZm.exe
  C:\Windows\System\iZwCgZm.exe
  2⤵
  PID:5740
- C:\Windows\System\qkiBvJs.exe
  C:\Windows\System\qkiBvJs.exe
  2⤵
  PID:5756
- C:\Windows\System\reHZhPW.exe
  C:\Windows\System\reHZhPW.exe
  2⤵
  PID:5772
- C:\Windows\System\DtRrzKl.exe
  C:\Windows\System\DtRrzKl.exe
  2⤵
  PID:5788
- C:\Windows\System\jTtxhyj.exe
  C:\Windows\System\jTtxhyj.exe
  2⤵
  PID:5804
- C:\Windows\System\hwrkXxG.exe
  C:\Windows\System\hwrkXxG.exe
  2⤵
  PID:5820
- C:\Windows\System\Zznstqz.exe
  C:\Windows\System\Zznstqz.exe
  2⤵
  PID:5836
- C:\Windows\System\ByJTIpd.exe
  C:\Windows\System\ByJTIpd.exe
  2⤵
  PID:5852
- C:\Windows\System\bWLCRXe.exe
  C:\Windows\System\bWLCRXe.exe
  2⤵
  PID:5880
- C:\Windows\System\etAXXTf.exe
  C:\Windows\System\etAXXTf.exe
  2⤵
  PID:5900
- C:\Windows\System\BVwVLwV.exe
  C:\Windows\System\BVwVLwV.exe
  2⤵
  PID:5920
- C:\Windows\System\hJxHSig.exe
  C:\Windows\System\hJxHSig.exe
  2⤵
  PID:5936
- C:\Windows\System\ACeppgM.exe
  C:\Windows\System\ACeppgM.exe
  2⤵
  PID:5952
- C:\Windows\System\JyUqPXI.exe
  C:\Windows\System\JyUqPXI.exe
  2⤵
  PID:5968
- C:\Windows\System\XaHDpuQ.exe
  C:\Windows\System\XaHDpuQ.exe
  2⤵
  PID:5984
- C:\Windows\System\bbOyBDJ.exe
  C:\Windows\System\bbOyBDJ.exe
  2⤵
  PID:6008
- C:\Windows\System\MTaStmG.exe
  C:\Windows\System\MTaStmG.exe
  2⤵
  PID:6028
- C:\Windows\System\aPJzLoq.exe
  C:\Windows\System\aPJzLoq.exe
  2⤵
  PID:6048
- C:\Windows\System\bHDkRwF.exe
  C:\Windows\System\bHDkRwF.exe
  2⤵
  PID:6064
- C:\Windows\System\vHDMKlK.exe
  C:\Windows\System\vHDMKlK.exe
  2⤵
  PID:6080
- C:\Windows\System\AxQmjEn.exe
  C:\Windows\System\AxQmjEn.exe
  2⤵
  PID:6096
- C:\Windows\System\dNUNAhB.exe
  C:\Windows\System\dNUNAhB.exe
  2⤵
  PID:6112
- C:\Windows\System\syUfVMa.exe
  C:\Windows\System\syUfVMa.exe
  2⤵
  PID:6132
- C:\Windows\System\WmUNezp.exe
  C:\Windows\System\WmUNezp.exe
  2⤵
  PID:4928
- C:\Windows\System\xloAogS.exe
  C:\Windows\System\xloAogS.exe
  2⤵
  PID:4736
- C:\Windows\System\ckPtycY.exe
  C:\Windows\System\ckPtycY.exe
  2⤵
  PID:4772
- C:\Windows\System\nkeLqyS.exe
  C:\Windows\System\nkeLqyS.exe
  2⤵
  PID:5144
- C:\Windows\System\jziZdkS.exe
  C:\Windows\System\jziZdkS.exe
  2⤵
  PID:4436
- C:\Windows\System\EPDjxZT.exe
  C:\Windows\System\EPDjxZT.exe
  2⤵
  PID:5128
- C:\Windows\System\FNFZSDd.exe
  C:\Windows\System\FNFZSDd.exe
  2⤵
  PID:5184
- C:\Windows\System\RcchhTK.exe
  C:\Windows\System\RcchhTK.exe
  2⤵
  PID:5200
- C:\Windows\System\sHcNBYi.exe
  C:\Windows\System\sHcNBYi.exe
  2⤵
  PID:4380
- C:\Windows\System\sLoyqeM.exe
  C:\Windows\System\sLoyqeM.exe
  2⤵
  PID:5160
- C:\Windows\System\bPcWgit.exe
  C:\Windows\System\bPcWgit.exe
  2⤵
  PID:5004
- C:\Windows\System\XJzXetj.exe
  C:\Windows\System\XJzXetj.exe
  2⤵
  PID:5380
- C:\Windows\System\FyxSvTr.exe
  C:\Windows\System\FyxSvTr.exe
  2⤵
  PID:5420
- C:\Windows\System\VOSfYrG.exe
  C:\Windows\System\VOSfYrG.exe
  2⤵
  PID:5484
- C:\Windows\System\iGRpokQ.exe
  C:\Windows\System\iGRpokQ.exe
  2⤵
  PID:5536
- C:\Windows\System\BRuMLTT.exe
  C:\Windows\System\BRuMLTT.exe
  2⤵
  PID:5624
- C:\Windows\System\lLhToCf.exe
  C:\Windows\System\lLhToCf.exe
  2⤵
  PID:5668
- C:\Windows\System\sWiUxHp.exe
  C:\Windows\System\sWiUxHp.exe
  2⤵
  PID:5732
- C:\Windows\System\qYDOmAG.exe
  C:\Windows\System\qYDOmAG.exe
  2⤵
  PID:5796
- C:\Windows\System\JDSprzQ.exe
  C:\Windows\System\JDSprzQ.exe
  2⤵
  PID:5860
- C:\Windows\System\WyKGWde.exe
  C:\Windows\System\WyKGWde.exe
  2⤵
  PID:5876
- C:\Windows\System\TYkUzkm.exe
  C:\Windows\System\TYkUzkm.exe
  2⤵
  PID:5980
- C:\Windows\System\xoiOqjC.exe
  C:\Windows\System\xoiOqjC.exe
  2⤵
  PID:6024
- C:\Windows\System\qSusoTK.exe
  C:\Windows\System\qSusoTK.exe
  2⤵
  PID:6092
- C:\Windows\System\EBUWmyz.exe
  C:\Windows\System\EBUWmyz.exe
  2⤵
  PID:6128
- C:\Windows\System\SnKFGoF.exe
  C:\Windows\System\SnKFGoF.exe
  2⤵
  PID:5140
- C:\Windows\System\iKiPHpD.exe
  C:\Windows\System\iKiPHpD.exe
  2⤵
  PID:5748
- C:\Windows\System\hCeNGXm.exe
  C:\Windows\System\hCeNGXm.exe
  2⤵
  PID:5960
- C:\Windows\System\UcWSkfX.exe
  C:\Windows\System\UcWSkfX.exe
  2⤵
  PID:6040
- C:\Windows\System\SZoAcJi.exe
  C:\Windows\System\SZoAcJi.exe
  2⤵
  PID:5060
- C:\Windows\System\EshIOIP.exe
  C:\Windows\System\EshIOIP.exe
  2⤵
  PID:5172
- C:\Windows\System\xMfakrz.exe
  C:\Windows\System\xMfakrz.exe
  2⤵
  PID:4816
- C:\Windows\System\zZKQOxL.exe
  C:\Windows\System\zZKQOxL.exe
  2⤵
  PID:5648
- C:\Windows\System\GHNpMBn.exe
  C:\Windows\System\GHNpMBn.exe
  2⤵
  PID:5712
- C:\Windows\System\qSySWnJ.exe
  C:\Windows\System\qSySWnJ.exe
  2⤵
  PID:6044
- C:\Windows\System\BUztkoW.exe
  C:\Windows\System\BUztkoW.exe
  2⤵
  PID:4812
- C:\Windows\System\nFjNIUU.exe
  C:\Windows\System\nFjNIUU.exe
  2⤵
  PID:2408
- C:\Windows\System\XNOrpeH.exe
  C:\Windows\System\XNOrpeH.exe
  2⤵
  PID:4636
- C:\Windows\System\zlCReMQ.exe
  C:\Windows\System\zlCReMQ.exe
  2⤵
  PID:5244
- C:\Windows\System\cwihLPd.exe
  C:\Windows\System\cwihLPd.exe
  2⤵
  PID:5260
- C:\Windows\System\lHzoFwd.exe
  C:\Windows\System\lHzoFwd.exe
  2⤵
  PID:5296
- C:\Windows\System\QIIrNPV.exe
  C:\Windows\System\QIIrNPV.exe
  2⤵
  PID:5364
- C:\Windows\System\bNnjrFc.exe
  C:\Windows\System\bNnjrFc.exe
  2⤵
  PID:5440
- C:\Windows\System\XMmIFPF.exe
  C:\Windows\System\XMmIFPF.exe
  2⤵
  PID:5504
- C:\Windows\System\mnHvLXx.exe
  C:\Windows\System\mnHvLXx.exe
  2⤵
  PID:5552
- C:\Windows\System\xOYVrSU.exe
  C:\Windows\System\xOYVrSU.exe
  2⤵
  PID:5220
- C:\Windows\System\KZsKuNm.exe
  C:\Windows\System\KZsKuNm.exe
  2⤵
  PID:5452
- C:\Windows\System\JxLrMND.exe
  C:\Windows\System\JxLrMND.exe
  2⤵
  PID:5596
- C:\Windows\System\MRiuVqZ.exe
  C:\Windows\System\MRiuVqZ.exe
  2⤵
  PID:5556
- C:\Windows\System\AusqoMM.exe
  C:\Windows\System\AusqoMM.exe
  2⤵
  PID:5908
- C:\Windows\System\pdlRFkc.exe
  C:\Windows\System\pdlRFkc.exe
  2⤵
  PID:5916
- C:\Windows\System\quLHDqK.exe
  C:\Windows\System\quLHDqK.exe
  2⤵
  PID:6088
- C:\Windows\System\XTGrsNZ.exe
  C:\Windows\System\XTGrsNZ.exe
  2⤵
  PID:5780
- C:\Windows\System\gsclcNZ.exe
  C:\Windows\System\gsclcNZ.exe
  2⤵
  PID:5848
- C:\Windows\System\rqtxuIY.exe
  C:\Windows\System\rqtxuIY.exe
  2⤵
  PID:5928
- C:\Windows\System\jrkzjCG.exe
  C:\Windows\System\jrkzjCG.exe
  2⤵
  PID:5664
- C:\Windows\System\ZhJGxUN.exe
  C:\Windows\System\ZhJGxUN.exe
  2⤵
  PID:5872
- C:\Windows\System\PlUYWId.exe
  C:\Windows\System\PlUYWId.exe
  2⤵
  PID:6036
- C:\Windows\System\AyWpDrR.exe
  C:\Windows\System\AyWpDrR.exe
  2⤵
  PID:4652
- C:\Windows\System\thxwRAD.exe
  C:\Windows\System\thxwRAD.exe
  2⤵
  PID:5684
- C:\Windows\System\iOnaFrq.exe
  C:\Windows\System\iOnaFrq.exe
  2⤵
  PID:5192
- C:\Windows\System\HqvxYvl.exe
  C:\Windows\System\HqvxYvl.exe
  2⤵
  PID:4152
- C:\Windows\System\hnONMLI.exe
  C:\Windows\System\hnONMLI.exe
  2⤵
  PID:6000
- C:\Windows\System\hNnFrxz.exe
  C:\Windows\System\hNnFrxz.exe
  2⤵
  PID:5236
- C:\Windows\System\xzGoVHa.exe
  C:\Windows\System\xzGoVHa.exe
  2⤵
  PID:5328
- C:\Windows\System\lrSYFcD.exe
  C:\Windows\System\lrSYFcD.exe
  2⤵
  PID:5360
- C:\Windows\System\sBLGHrz.exe
  C:\Windows\System\sBLGHrz.exe
  2⤵
  PID:5332
- C:\Windows\System\zbpjzZe.exe
  C:\Windows\System\zbpjzZe.exe
  2⤵
  PID:5512
- C:\Windows\System\grfVjCM.exe
  C:\Windows\System\grfVjCM.exe
  2⤵
  PID:5696
- C:\Windows\System\EqPZKAw.exe
  C:\Windows\System\EqPZKAw.exe
  2⤵
  PID:5532
- C:\Windows\System\NhxmJZY.exe
  C:\Windows\System\NhxmJZY.exe
  2⤵
  PID:5812
- C:\Windows\System\rXhZXDz.exe
  C:\Windows\System\rXhZXDz.exe
  2⤵
  PID:5716
- C:\Windows\System\bbOBwtP.exe
  C:\Windows\System\bbOBwtP.exe
  2⤵
  PID:5764
- C:\Windows\System\pWHqHNv.exe
  C:\Windows\System\pWHqHNv.exe
  2⤵
  PID:5992
- C:\Windows\System\RLHGCDs.exe
  C:\Windows\System\RLHGCDs.exe
  2⤵
  PID:1872
- C:\Windows\System\MSvCHgk.exe
  C:\Windows\System\MSvCHgk.exe
  2⤵
  PID:5816
- C:\Windows\System\pMJItQW.exe
  C:\Windows\System\pMJItQW.exe
  2⤵
  PID:5252
- C:\Windows\System\DmmEmJc.exe
  C:\Windows\System\DmmEmJc.exe
  2⤵
  PID:5580
- C:\Windows\System\SrtRKJI.exe
  C:\Windows\System\SrtRKJI.exe
  2⤵
  PID:5948
- C:\Windows\System\JwGkikM.exe
  C:\Windows\System\JwGkikM.exe
  2⤵
  PID:5472
- C:\Windows\System\NZXTfPa.exe
  C:\Windows\System\NZXTfPa.exe
  2⤵
  PID:6148
- C:\Windows\System\pcAhCzY.exe
  C:\Windows\System\pcAhCzY.exe
  2⤵
  PID:6164
- C:\Windows\System\RBcTUTZ.exe
  C:\Windows\System\RBcTUTZ.exe
  2⤵
  PID:6180
- C:\Windows\System\piYhXJx.exe
  C:\Windows\System\piYhXJx.exe
  2⤵
  PID:6196
- C:\Windows\System\PVoOtbE.exe
  C:\Windows\System\PVoOtbE.exe
  2⤵
  PID:6216
- C:\Windows\System\RuoWtNN.exe
  C:\Windows\System\RuoWtNN.exe
  2⤵
  PID:6232
- C:\Windows\System\UVkenHB.exe
  C:\Windows\System\UVkenHB.exe
  2⤵
  PID:6248
- C:\Windows\System\QiNRFko.exe
  C:\Windows\System\QiNRFko.exe
  2⤵
  PID:6272
- C:\Windows\System\qyzNqRP.exe
  C:\Windows\System\qyzNqRP.exe
  2⤵
  PID:6288
- C:\Windows\System\zFXiKvR.exe
  C:\Windows\System\zFXiKvR.exe
  2⤵
  PID:6304
- C:\Windows\System\ykFzhEE.exe
  C:\Windows\System\ykFzhEE.exe
  2⤵
  PID:6320
- C:\Windows\System\POxmgqm.exe
  C:\Windows\System\POxmgqm.exe
  2⤵
  PID:6336
- C:\Windows\System\ENEdpGr.exe
  C:\Windows\System\ENEdpGr.exe
  2⤵
  PID:6352
- C:\Windows\System\FjLYKNF.exe
  C:\Windows\System\FjLYKNF.exe
  2⤵
  PID:6368
- C:\Windows\System\jjqLSrG.exe
  C:\Windows\System\jjqLSrG.exe
  2⤵
  PID:6384
- C:\Windows\System\mJmEOqa.exe
  C:\Windows\System\mJmEOqa.exe
  2⤵
  PID:6400
- C:\Windows\System\yhNoTsu.exe
  C:\Windows\System\yhNoTsu.exe
  2⤵
  PID:6416
- C:\Windows\System\TUAmjMG.exe
  C:\Windows\System\TUAmjMG.exe
  2⤵
  PID:6432
- C:\Windows\System\RRObrIZ.exe
  C:\Windows\System\RRObrIZ.exe
  2⤵
  PID:6448
- C:\Windows\System\IfuEVIi.exe
  C:\Windows\System\IfuEVIi.exe
  2⤵
  PID:6464
- C:\Windows\System\Amccucn.exe
  C:\Windows\System\Amccucn.exe
  2⤵
  PID:6480
- C:\Windows\System\YndkBZD.exe
  C:\Windows\System\YndkBZD.exe
  2⤵
  PID:6496
- C:\Windows\System\TznmqRh.exe
  C:\Windows\System\TznmqRh.exe
  2⤵
  PID:6512
- C:\Windows\System\EHZSEbR.exe
  C:\Windows\System\EHZSEbR.exe
  2⤵
  PID:6528
- C:\Windows\System\GkoPfqf.exe
  C:\Windows\System\GkoPfqf.exe
  2⤵
  PID:6544
- C:\Windows\System\UItGOjk.exe
  C:\Windows\System\UItGOjk.exe
  2⤵
  PID:6560
- C:\Windows\System\yEAGrla.exe
  C:\Windows\System\yEAGrla.exe
  2⤵
  PID:6576
- C:\Windows\System\RjXFQkV.exe
  C:\Windows\System\RjXFQkV.exe
  2⤵
  PID:6592
- C:\Windows\System\QcZSRZj.exe
  C:\Windows\System\QcZSRZj.exe
  2⤵
  PID:6608
- C:\Windows\System\LkTKevG.exe
  C:\Windows\System\LkTKevG.exe
  2⤵
  PID:6624
- C:\Windows\System\NGXJkHa.exe
  C:\Windows\System\NGXJkHa.exe
  2⤵
  PID:6640
- C:\Windows\System\cdfqHlN.exe
  C:\Windows\System\cdfqHlN.exe
  2⤵
  PID:6660
- C:\Windows\System\UuJXKJm.exe
  C:\Windows\System\UuJXKJm.exe
  2⤵
  PID:6676
- C:\Windows\System\aGTQzfO.exe
  C:\Windows\System\aGTQzfO.exe
  2⤵
  PID:6692
- C:\Windows\System\TjCmQpA.exe
  C:\Windows\System\TjCmQpA.exe
  2⤵
  PID:6708
- C:\Windows\System\ZtMerVP.exe
  C:\Windows\System\ZtMerVP.exe
  2⤵
  PID:6724
- C:\Windows\System\TQovDVU.exe
  C:\Windows\System\TQovDVU.exe
  2⤵
  PID:6740
- C:\Windows\System\bRqpozv.exe
  C:\Windows\System\bRqpozv.exe
  2⤵
  PID:6756
- C:\Windows\System\HSMuwjh.exe
  C:\Windows\System\HSMuwjh.exe
  2⤵
  PID:6772
- C:\Windows\System\fvmimgv.exe
  C:\Windows\System\fvmimgv.exe
  2⤵
  PID:6788
- C:\Windows\System\xLKPYIB.exe
  C:\Windows\System\xLKPYIB.exe
  2⤵
  PID:6804
- C:\Windows\System\DEgrhAF.exe
  C:\Windows\System\DEgrhAF.exe
  2⤵
  PID:6820
- C:\Windows\System\FoTgrbJ.exe
  C:\Windows\System\FoTgrbJ.exe
  2⤵
  PID:6836
- C:\Windows\System\XgiqzWg.exe
  C:\Windows\System\XgiqzWg.exe
  2⤵
  PID:6852
- C:\Windows\System\vHzrcWN.exe
  C:\Windows\System\vHzrcWN.exe
  2⤵
  PID:6868
- C:\Windows\System\SxxFrJB.exe
  C:\Windows\System\SxxFrJB.exe
  2⤵
  PID:6884
- C:\Windows\System\OyaaHPr.exe
  C:\Windows\System\OyaaHPr.exe
  2⤵
  PID:6900
- C:\Windows\System\VvKTmOj.exe
  C:\Windows\System\VvKTmOj.exe
  2⤵
  PID:6916
- C:\Windows\System\MaLowtq.exe
  C:\Windows\System\MaLowtq.exe
  2⤵
  PID:6932
- C:\Windows\System\vlfGVix.exe
  C:\Windows\System\vlfGVix.exe
  2⤵
  PID:6948
- C:\Windows\System\LhgidTc.exe
  C:\Windows\System\LhgidTc.exe
  2⤵
  PID:6964
- C:\Windows\System\UOfkEeO.exe
  C:\Windows\System\UOfkEeO.exe
  2⤵
  PID:6980
- C:\Windows\System\eRskVkV.exe
  C:\Windows\System\eRskVkV.exe
  2⤵
  PID:7000
- C:\Windows\System\vzPDpTT.exe
  C:\Windows\System\vzPDpTT.exe
  2⤵
  PID:7016
- C:\Windows\System\xVkASlj.exe
  C:\Windows\System\xVkASlj.exe
  2⤵
  PID:7032
- C:\Windows\System\UaegWjK.exe
  C:\Windows\System\UaegWjK.exe
  2⤵
  PID:7048
- C:\Windows\System\HVWPucg.exe
  C:\Windows\System\HVWPucg.exe
  2⤵
  PID:7064
- C:\Windows\System\AyjXAbi.exe
  C:\Windows\System\AyjXAbi.exe
  2⤵
  PID:7084
- C:\Windows\System\yOCCRIp.exe
  C:\Windows\System\yOCCRIp.exe
  2⤵
  PID:7104
- C:\Windows\System\WbNgglK.exe
  C:\Windows\System\WbNgglK.exe
  2⤵
  PID:7120
- C:\Windows\System\BDVRhej.exe
  C:\Windows\System\BDVRhej.exe
  2⤵
  PID:7136
- C:\Windows\System\YZlkKUj.exe
  C:\Windows\System\YZlkKUj.exe
  2⤵
  PID:7152
- C:\Windows\System\HUozUtc.exe
  C:\Windows\System\HUozUtc.exe
  2⤵
  PID:5292
- C:\Windows\System\oaWenmH.exe
  C:\Windows\System\oaWenmH.exe
  2⤵
  PID:5256
- C:\Windows\System\KYnZRyI.exe
  C:\Windows\System\KYnZRyI.exe
  2⤵
  PID:6016
- C:\Windows\System\IDwMeig.exe
  C:\Windows\System\IDwMeig.exe
  2⤵
  PID:5416
- C:\Windows\System\HotdUix.exe
  C:\Windows\System\HotdUix.exe
  2⤵
  PID:2080
- C:\Windows\System\aUILWaW.exe
  C:\Windows\System\aUILWaW.exe
  2⤵
  PID:6188
- C:\Windows\System\XnqaktI.exe
  C:\Windows\System\XnqaktI.exe
  2⤵
  PID:5592
- C:\Windows\System\Kmscfzv.exe
  C:\Windows\System\Kmscfzv.exe
  2⤵
  PID:5680
- C:\Windows\System\HYgTyGQ.exe
  C:\Windows\System\HYgTyGQ.exe
  2⤵
  PID:6244
- C:\Windows\System\WSpCGZP.exe
  C:\Windows\System\WSpCGZP.exe
  2⤵
  PID:6260
- C:\Windows\System\sRzNxCc.exe
  C:\Windows\System\sRzNxCc.exe
  2⤵
  PID:6396
- C:\Windows\System\GUCzdgp.exe
  C:\Windows\System\GUCzdgp.exe
  2⤵
  PID:6332
- C:\Windows\System\sqQzcEI.exe
  C:\Windows\System\sqQzcEI.exe
  2⤵
  PID:6424
- C:\Windows\System\GDWZQkp.exe
  C:\Windows\System\GDWZQkp.exe
  2⤵
  PID:6344
- C:\Windows\System\nGuwbNQ.exe
  C:\Windows\System\nGuwbNQ.exe
  2⤵
  PID:6408
- C:\Windows\System\vMpLGOq.exe
  C:\Windows\System\vMpLGOq.exe
  2⤵
  PID:6456
- C:\Windows\System\GBdXxkp.exe
  C:\Windows\System\GBdXxkp.exe
  2⤵
  PID:6508
- C:\Windows\System\uAFCSST.exe
  C:\Windows\System\uAFCSST.exe
  2⤵
  PID:6632
- C:\Windows\System\LSTtDqU.exe
  C:\Windows\System\LSTtDqU.exe
  2⤵
  PID:6700
- C:\Windows\System\VFCMgeK.exe
  C:\Windows\System\VFCMgeK.exe
  2⤵
  PID:6764
- C:\Windows\System\AOPDiCD.exe
  C:\Windows\System\AOPDiCD.exe
  2⤵
  PID:6796
- C:\Windows\System\LjSYpXG.exe
  C:\Windows\System\LjSYpXG.exe
  2⤵
  PID:6652
- C:\Windows\System\piMzBYR.exe
  C:\Windows\System\piMzBYR.exe
  2⤵
  PID:6688
- C:\Windows\System\xjDPiVG.exe
  C:\Windows\System\xjDPiVG.exe
  2⤵
  PID:6780
- C:\Windows\System\omfpxtK.exe
  C:\Windows\System\omfpxtK.exe
  2⤵
  PID:6880
- C:\Windows\System\bJZjCsv.exe
  C:\Windows\System\bJZjCsv.exe
  2⤵
  PID:6928
- C:\Windows\System\defUdvU.exe
  C:\Windows\System\defUdvU.exe
  2⤵
  PID:6908
- C:\Windows\System\pIQStTn.exe
  C:\Windows\System\pIQStTn.exe
  2⤵
  PID:7008
- C:\Windows\System\EKtggSG.exe
  C:\Windows\System\EKtggSG.exe
  2⤵
  PID:6956
- C:\Windows\System\bGFfSFw.exe
  C:\Windows\System\bGFfSFw.exe
  2⤵
  PID:7044
- C:\Windows\System\gXbBPMH.exe
  C:\Windows\System\gXbBPMH.exe
  2⤵
  PID:7028
- C:\Windows\System\rAzqLcX.exe
  C:\Windows\System\rAzqLcX.exe
  2⤵
  PID:7096
- C:\Windows\System\tQBNmty.exe
  C:\Windows\System\tQBNmty.exe
  2⤵
  PID:7100
- C:\Windows\System\PYDxIVa.exe
  C:\Windows\System\PYDxIVa.exe
  2⤵
  PID:7148
- C:\Windows\System\GHOqyoK.exe
  C:\Windows\System\GHOqyoK.exe
  2⤵
  PID:7116
- C:\Windows\System\tvskENL.exe
  C:\Windows\System\tvskENL.exe
  2⤵
  PID:5612
- C:\Windows\System\FsMPMfJ.exe
  C:\Windows\System\FsMPMfJ.exe
  2⤵
  PID:4992
- C:\Windows\System\xUsitog.exe
  C:\Windows\System\xUsitog.exe
  2⤵
  PID:6360
- C:\Windows\System\qDWLAqp.exe
  C:\Windows\System\qDWLAqp.exe
  2⤵
  PID:6208
- C:\Windows\System\ZUVNCuc.exe
  C:\Windows\System\ZUVNCuc.exe
  2⤵
  PID:6060
- C:\Windows\System\fjJQxCG.exe
  C:\Windows\System\fjJQxCG.exe
  2⤵
  PID:6316
- C:\Windows\System\lSjRqhW.exe
  C:\Windows\System\lSjRqhW.exe
  2⤵
  PID:6440
- C:\Windows\System\SRCOzaO.exe
  C:\Windows\System\SRCOzaO.exe
  2⤵
  PID:6476
- C:\Windows\System\MTyHwbx.exe
  C:\Windows\System\MTyHwbx.exe
  2⤵
  PID:6524
- C:\Windows\System\RZUKlDc.exe
  C:\Windows\System\RZUKlDc.exe
  2⤵
  PID:6572
- C:\Windows\System\zXoWNPV.exe
  C:\Windows\System\zXoWNPV.exe
  2⤵
  PID:6588
- C:\Windows\System\QvXshWV.exe
  C:\Windows\System\QvXshWV.exe
  2⤵
  PID:6736
- C:\Windows\System\rHAvXRv.exe
  C:\Windows\System\rHAvXRv.exe
  2⤵
  PID:6672
- C:\Windows\System\AdAZmaa.exe
  C:\Windows\System\AdAZmaa.exe
  2⤵
  PID:6876
- C:\Windows\System\sTFJelB.exe
  C:\Windows\System\sTFJelB.exe
  2⤵
  PID:6944
- C:\Windows\System\ldViFaP.exe
  C:\Windows\System\ldViFaP.exe
  2⤵
  PID:6848
- C:\Windows\System\pxZtkzj.exe
  C:\Windows\System\pxZtkzj.exe
  2⤵
  PID:6684
- C:\Windows\System\xTEewzz.exe
  C:\Windows\System\xTEewzz.exe
  2⤵
  PID:7024
- C:\Windows\System\ufrTHuu.exe
  C:\Windows\System\ufrTHuu.exe
  2⤵
  PID:6992
- C:\Windows\System\uWFWsHH.exe
  C:\Windows\System\uWFWsHH.exe
  2⤵
  PID:6268
- C:\Windows\System\dbDVkHM.exe
  C:\Windows\System\dbDVkHM.exe
  2⤵
  PID:6540
- C:\Windows\System\aSAXPQi.exe
  C:\Windows\System\aSAXPQi.exe
  2⤵
  PID:6504
- C:\Windows\System\RTQmnNY.exe
  C:\Windows\System\RTQmnNY.exe
  2⤵
  PID:6284
- C:\Windows\System\MncufmK.exe
  C:\Windows\System\MncufmK.exe
  2⤵
  PID:6256
- C:\Windows\System\rDheXXV.exe
  C:\Windows\System\rDheXXV.exe
  2⤵
  PID:6800
- C:\Windows\System\OTBeJBw.exe
  C:\Windows\System\OTBeJBw.exe
  2⤵
  PID:6812
- C:\Windows\System\FAlfHUz.exe
  C:\Windows\System\FAlfHUz.exe
  2⤵
  PID:6996
- C:\Windows\System\bCNmyRy.exe
  C:\Windows\System\bCNmyRy.exe
  2⤵
  PID:7080
- C:\Windows\System\IfVcLIl.exe
  C:\Windows\System\IfVcLIl.exe
  2⤵
  PID:7092
- C:\Windows\System\qrQXxnd.exe
  C:\Windows\System\qrQXxnd.exe
  2⤵
  PID:6604
- C:\Windows\System\qyKFgUh.exe
  C:\Windows\System\qyKFgUh.exe
  2⤵
  PID:6584
- C:\Windows\System\APZEvnT.exe
  C:\Windows\System\APZEvnT.exe
  2⤵
  PID:6832
- C:\Windows\System\fTWQpkw.exe
  C:\Windows\System\fTWQpkw.exe
  2⤵
  PID:6752
- C:\Windows\System\lSbiELM.exe
  C:\Windows\System\lSbiELM.exe
  2⤵
  PID:6748
- C:\Windows\System\RUnjwGs.exe
  C:\Windows\System\RUnjwGs.exe
  2⤵
  PID:6172
- C:\Windows\System\WvweJoK.exe
  C:\Windows\System\WvweJoK.exe
  2⤵
  PID:6160
- C:\Windows\System\GAANfyj.exe
  C:\Windows\System\GAANfyj.exe
  2⤵
  PID:6156
- C:\Windows\System\MniSVzP.exe
  C:\Windows\System\MniSVzP.exe
  2⤵
  PID:7184
- C:\Windows\System\WDEOVAp.exe
  C:\Windows\System\WDEOVAp.exe
  2⤵
  PID:7200
- C:\Windows\System\nAWfbdE.exe
  C:\Windows\System\nAWfbdE.exe
  2⤵
  PID:7216
- C:\Windows\System\BkvDvEy.exe
  C:\Windows\System\BkvDvEy.exe
  2⤵
  PID:7232
- C:\Windows\System\yirbJRh.exe
  C:\Windows\System\yirbJRh.exe
  2⤵
  PID:7248
- C:\Windows\System\qFadrIZ.exe
  C:\Windows\System\qFadrIZ.exe
  2⤵
  PID:7264
- C:\Windows\System\VlgPyZs.exe
  C:\Windows\System\VlgPyZs.exe
  2⤵
  PID:7280
- C:\Windows\System\IHMqmUp.exe
  C:\Windows\System\IHMqmUp.exe
  2⤵
  PID:7296
- C:\Windows\System\bZvtSkw.exe
  C:\Windows\System\bZvtSkw.exe
  2⤵
  PID:7312
- C:\Windows\System\ZagLXGC.exe
  C:\Windows\System\ZagLXGC.exe
  2⤵
  PID:7328
- C:\Windows\System\QHKYyGP.exe
  C:\Windows\System\QHKYyGP.exe
  2⤵
  PID:7344
- C:\Windows\System\wWdMdKW.exe
  C:\Windows\System\wWdMdKW.exe
  2⤵
  PID:7364
- C:\Windows\System\qZzXBYE.exe
  C:\Windows\System\qZzXBYE.exe
  2⤵
  PID:7380
- C:\Windows\System\cEJSkcP.exe
  C:\Windows\System\cEJSkcP.exe
  2⤵
  PID:7396
- C:\Windows\System\hABWBWY.exe
  C:\Windows\System\hABWBWY.exe
  2⤵
  PID:7412
- C:\Windows\System\FTNbAFa.exe
  C:\Windows\System\FTNbAFa.exe
  2⤵
  PID:7428
- C:\Windows\System\OZchoLT.exe
  C:\Windows\System\OZchoLT.exe
  2⤵
  PID:7444
- C:\Windows\System\NhIXVFQ.exe
  C:\Windows\System\NhIXVFQ.exe
  2⤵
  PID:7460
- C:\Windows\System\JMAehCV.exe
  C:\Windows\System\JMAehCV.exe
  2⤵
  PID:7476
- C:\Windows\System\alCQIYC.exe
  C:\Windows\System\alCQIYC.exe
  2⤵
  PID:7492
- C:\Windows\System\KnehnkB.exe
  C:\Windows\System\KnehnkB.exe
  2⤵
  PID:7508
- C:\Windows\System\vKOfXks.exe
  C:\Windows\System\vKOfXks.exe
  2⤵
  PID:7524
- C:\Windows\System\MxhgKLd.exe
  C:\Windows\System\MxhgKLd.exe
  2⤵
  PID:7540
- C:\Windows\System\jbLNoyW.exe
  C:\Windows\System\jbLNoyW.exe
  2⤵
  PID:7556
- C:\Windows\System\CfRUKgD.exe
  C:\Windows\System\CfRUKgD.exe
  2⤵
  PID:7572
- C:\Windows\System\FBDvaRU.exe
  C:\Windows\System\FBDvaRU.exe
  2⤵
  PID:7588
- C:\Windows\System\lAFShNr.exe
  C:\Windows\System\lAFShNr.exe
  2⤵
  PID:7604
- C:\Windows\System\aVLlhWZ.exe
  C:\Windows\System\aVLlhWZ.exe
  2⤵
  PID:7620
- C:\Windows\System\WjFsJaN.exe
  C:\Windows\System\WjFsJaN.exe
  2⤵
  PID:7636
- C:\Windows\System\mcVYjhN.exe
  C:\Windows\System\mcVYjhN.exe
  2⤵
  PID:7652
- C:\Windows\System\hdcmFEs.exe
  C:\Windows\System\hdcmFEs.exe
  2⤵
  PID:7668
- C:\Windows\System\DarRIVD.exe
  C:\Windows\System\DarRIVD.exe
  2⤵
  PID:7684
- C:\Windows\System\AwooyeL.exe
  C:\Windows\System\AwooyeL.exe
  2⤵
  PID:7700
- C:\Windows\System\rLYvPsn.exe
  C:\Windows\System\rLYvPsn.exe
  2⤵
  PID:7716
- C:\Windows\System\cZrDEzW.exe
  C:\Windows\System\cZrDEzW.exe
  2⤵
  PID:7732
- C:\Windows\System\CjqWZIK.exe
  C:\Windows\System\CjqWZIK.exe
  2⤵
  PID:7748
- C:\Windows\System\MYRbsQB.exe
  C:\Windows\System\MYRbsQB.exe
  2⤵
  PID:7764
- C:\Windows\System\EPYPybf.exe
  C:\Windows\System\EPYPybf.exe
  2⤵
  PID:7780
- C:\Windows\System\vZcdeyg.exe
  C:\Windows\System\vZcdeyg.exe
  2⤵
  PID:7800
- C:\Windows\System\AwySHxI.exe
  C:\Windows\System\AwySHxI.exe
  2⤵
  PID:7816
- C:\Windows\System\HpsefTx.exe
  C:\Windows\System\HpsefTx.exe
  2⤵
  PID:7832
- C:\Windows\System\nPQCrHp.exe
  C:\Windows\System\nPQCrHp.exe
  2⤵
  PID:7848
- C:\Windows\System\zgymSuQ.exe
  C:\Windows\System\zgymSuQ.exe
  2⤵
  PID:7864
- C:\Windows\System\FlKFTid.exe
  C:\Windows\System\FlKFTid.exe
  2⤵
  PID:7880
- C:\Windows\System\fUVuJXw.exe
  C:\Windows\System\fUVuJXw.exe
  2⤵
  PID:7896
- C:\Windows\System\hftwKNv.exe
  C:\Windows\System\hftwKNv.exe
  2⤵
  PID:7916
- C:\Windows\System\phWVdfY.exe
  C:\Windows\System\phWVdfY.exe
  2⤵
  PID:7932
- C:\Windows\System\TaASlvz.exe
  C:\Windows\System\TaASlvz.exe
  2⤵
  PID:7948
- C:\Windows\System\ZQnkfdd.exe
  C:\Windows\System\ZQnkfdd.exe
  2⤵
  PID:7964
- C:\Windows\System\oLZJUuz.exe
  C:\Windows\System\oLZJUuz.exe
  2⤵
  PID:7980
- C:\Windows\System\OBIwHnr.exe
  C:\Windows\System\OBIwHnr.exe
  2⤵
  PID:7996
- C:\Windows\System\LUCrGqA.exe
  C:\Windows\System\LUCrGqA.exe
  2⤵
  PID:8012
- C:\Windows\System\pvoqWLN.exe
  C:\Windows\System\pvoqWLN.exe
  2⤵
  PID:8028
- C:\Windows\System\dKOvivt.exe
  C:\Windows\System\dKOvivt.exe
  2⤵
  PID:8044
- C:\Windows\System\MvCmgow.exe
  C:\Windows\System\MvCmgow.exe
  2⤵
  PID:8060
- C:\Windows\System\IvULhQR.exe
  C:\Windows\System\IvULhQR.exe
  2⤵
  PID:8076
- C:\Windows\System\lSTsFkV.exe
  C:\Windows\System\lSTsFkV.exe
  2⤵
  PID:8096
- C:\Windows\System\bVmPDfo.exe
  C:\Windows\System\bVmPDfo.exe
  2⤵
  PID:8112
- C:\Windows\System\jWBBXEi.exe
  C:\Windows\System\jWBBXEi.exe
  2⤵
  PID:8128
- C:\Windows\System\EjiWjgw.exe
  C:\Windows\System\EjiWjgw.exe
  2⤵
  PID:8144
- C:\Windows\System\ZTIjdIZ.exe
  C:\Windows\System\ZTIjdIZ.exe
  2⤵
  PID:8160
- C:\Windows\System\YwzgeAp.exe
  C:\Windows\System\YwzgeAp.exe
  2⤵
  PID:8176
- C:\Windows\System\UCuVzIr.exe
  C:\Windows\System\UCuVzIr.exe
  2⤵
  PID:5348
- C:\Windows\System\VCVzIep.exe
  C:\Windows\System\VCVzIep.exe
  2⤵
  PID:6204
- C:\Windows\System\CDCrfzK.exe
  C:\Windows\System\CDCrfzK.exe
  2⤵
  PID:6520
- C:\Windows\System\BsjPJCl.exe
  C:\Windows\System\BsjPJCl.exe
  2⤵
  PID:7256
- C:\Windows\System\kfeaAAF.exe
  C:\Windows\System\kfeaAAF.exe
  2⤵
  PID:7040
- C:\Windows\System\WxWMlzO.exe
  C:\Windows\System\WxWMlzO.exe
  2⤵
  PID:7208
- C:\Windows\System\ntHCaql.exe
  C:\Windows\System\ntHCaql.exe
  2⤵
  PID:7240
- C:\Windows\System\gnzjGDA.exe
  C:\Windows\System\gnzjGDA.exe
  2⤵
  PID:7292
- C:\Windows\System\KPyFqKW.exe
  C:\Windows\System\KPyFqKW.exe
  2⤵
  PID:7360
- C:\Windows\System\UhzoPTf.exe
  C:\Windows\System\UhzoPTf.exe
  2⤵
  PID:7304
- C:\Windows\System\dhqgrXI.exe
  C:\Windows\System\dhqgrXI.exe
  2⤵
  PID:7308
- C:\Windows\System\nObYYYD.exe
  C:\Windows\System\nObYYYD.exe
  2⤵
  PID:7452
- C:\Windows\System\uFcAEpW.exe
  C:\Windows\System\uFcAEpW.exe
  2⤵
  PID:7372
- C:\Windows\System\YdjtZFq.exe
  C:\Windows\System\YdjtZFq.exe
  2⤵
  PID:7548
- C:\Windows\System\fIsrOIC.exe
  C:\Windows\System\fIsrOIC.exe
  2⤵
  PID:7580
- C:\Windows\System\ihyJWMX.exe
  C:\Windows\System\ihyJWMX.exe
  2⤵
  PID:7644
- C:\Windows\System\vBjsSnq.exe
  C:\Windows\System\vBjsSnq.exe
  2⤵
  PID:7500
- C:\Windows\System\XRQSbVk.exe
  C:\Windows\System\XRQSbVk.exe
  2⤵
  PID:7564
- C:\Windows\System\VtYvOMM.exe
  C:\Windows\System\VtYvOMM.exe
  2⤵
  PID:7628
- C:\Windows\System\uETDtfW.exe
  C:\Windows\System\uETDtfW.exe
  2⤵
  PID:7692
- C:\Windows\System\CizSJgv.exe
  C:\Windows\System\CizSJgv.exe
  2⤵
  PID:7724
- C:\Windows\System\VvKPqdJ.exe
  C:\Windows\System\VvKPqdJ.exe
  2⤵
  PID:7744
- C:\Windows\System\DbQnDql.exe
  C:\Windows\System\DbQnDql.exe
  2⤵
  PID:7812
- C:\Windows\System\DShAMNX.exe
  C:\Windows\System\DShAMNX.exe
  2⤵
  PID:7796
- C:\Windows\System\npYqHuO.exe
  C:\Windows\System\npYqHuO.exe
  2⤵
  PID:7888
- C:\Windows\System\KpCFDpL.exe
  C:\Windows\System\KpCFDpL.exe
  2⤵
  PID:7960
- C:\Windows\System\ACPvGfz.exe
  C:\Windows\System\ACPvGfz.exe
  2⤵
  PID:8024
- C:\Windows\System\ZRXRdzt.exe
  C:\Windows\System\ZRXRdzt.exe
  2⤵
  PID:7924
- C:\Windows\System\lCWceIY.exe
  C:\Windows\System\lCWceIY.exe
  2⤵
  PID:7872
- C:\Windows\System\josEUiL.exe
  C:\Windows\System\josEUiL.exe
  2⤵
  PID:7912
- C:\Windows\System\aFnhHBz.exe
  C:\Windows\System\aFnhHBz.exe
  2⤵
  PID:8004
- C:\Windows\System\YYZsQZz.exe
  C:\Windows\System\YYZsQZz.exe
  2⤵
  PID:8136
- C:\Windows\System\HlWtQuy.exe
  C:\Windows\System\HlWtQuy.exe
  2⤵
  PID:8108
- C:\Windows\System\ofKcgZw.exe
  C:\Windows\System\ofKcgZw.exe
  2⤵
  PID:8088
- C:\Windows\System\vadtJiE.exe
  C:\Windows\System\vadtJiE.exe
  2⤵
  PID:7196
- C:\Windows\System\seGtWLu.exe
  C:\Windows\System\seGtWLu.exe
  2⤵
  PID:7272
- C:\Windows\System\XMDxxHD.exe
  C:\Windows\System\XMDxxHD.exe
  2⤵
  PID:8152
- C:\Windows\System\ZgsCqsG.exe
  C:\Windows\System\ZgsCqsG.exe
  2⤵
  PID:7288
- C:\Windows\System\LWHkEOP.exe
  C:\Windows\System\LWHkEOP.exe
  2⤵
  PID:7076
- C:\Windows\System\qgnymhR.exe
  C:\Windows\System\qgnymhR.exe
  2⤵
  PID:7336
- C:\Windows\System\GWsFNbd.exe
  C:\Windows\System\GWsFNbd.exe
  2⤵
  PID:7340
- C:\Windows\System\kvpsNFu.exe
  C:\Windows\System\kvpsNFu.exe
  2⤵
  PID:7536
- C:\Windows\System\EhzsPHh.exe
  C:\Windows\System\EhzsPHh.exe
  2⤵
  PID:7788
- C:\Windows\System\QcnaSPz.exe
  C:\Windows\System\QcnaSPz.exe
  2⤵
  PID:7404
- C:\Windows\System\mddDWAR.exe
  C:\Windows\System\mddDWAR.exe
  2⤵
  PID:7472
- C:\Windows\System\lNBIIVD.exe
  C:\Windows\System\lNBIIVD.exe
  2⤵
  PID:7776
- C:\Windows\System\PQJWaFE.exe
  C:\Windows\System\PQJWaFE.exe
  2⤵
  PID:8020
- C:\Windows\System\VBFuHCX.exe
  C:\Windows\System\VBFuHCX.exe
  2⤵
  PID:8188
- C:\Windows\System\IfHTjTn.exe
  C:\Windows\System\IfHTjTn.exe
  2⤵
  PID:7976
- C:\Windows\System\LfsffoN.exe
  C:\Windows\System\LfsffoN.exe
  2⤵
  PID:8092
- C:\Windows\System\tywTqhU.exe
  C:\Windows\System\tywTqhU.exe
  2⤵
  PID:7180
- C:\Windows\System\PRvTvEd.exe
  C:\Windows\System\PRvTvEd.exe
  2⤵
  PID:6444
- C:\Windows\System\WoWSHal.exe
  C:\Windows\System\WoWSHal.exe
  2⤵
  PID:7532
- C:\Windows\System\RKtVbMY.exe
  C:\Windows\System\RKtVbMY.exe
  2⤵
  PID:7708
- C:\Windows\System\nmEdIOk.exe
  C:\Windows\System\nmEdIOk.exe
  2⤵
  PID:7740
- C:\Windows\System\mtLFQLT.exe
  C:\Windows\System\mtLFQLT.exe
  2⤵
  PID:7488
- C:\Windows\System\tDqLrwb.exe
  C:\Windows\System\tDqLrwb.exe
  2⤵
  PID:8084
- C:\Windows\System\uuUSxpX.exe
  C:\Windows\System\uuUSxpX.exe
  2⤵
  PID:7908
- C:\Windows\System\aBgjZYt.exe
  C:\Windows\System\aBgjZYt.exe
  2⤵
  PID:7944
- C:\Windows\System\gqzomDy.exe
  C:\Windows\System\gqzomDy.exe
  2⤵
  PID:7392
- C:\Windows\System\QvEETWl.exe
  C:\Windows\System\QvEETWl.exe
  2⤵
  PID:7224
- C:\Windows\System\uMUeojE.exe
  C:\Windows\System\uMUeojE.exe
  2⤵
  PID:7756
- C:\Windows\System\oKyLwlU.exe
  C:\Windows\System\oKyLwlU.exe
  2⤵
  PID:7352
- C:\Windows\System\xICaCFD.exe
  C:\Windows\System\xICaCFD.exe
  2⤵
  PID:8056
- C:\Windows\System\hgMoyIR.exe
  C:\Windows\System\hgMoyIR.exe
  2⤵
  PID:7696
- C:\Windows\System\HSdnuOV.exe
  C:\Windows\System\HSdnuOV.exe
  2⤵
  PID:8208
- C:\Windows\System\NbJFIGF.exe
  C:\Windows\System\NbJFIGF.exe
  2⤵
  PID:8224
- C:\Windows\System\Ufvyqyf.exe
  C:\Windows\System\Ufvyqyf.exe
  2⤵
  PID:8240
- C:\Windows\System\qYpIwhB.exe
  C:\Windows\System\qYpIwhB.exe
  2⤵
  PID:8256
- C:\Windows\System\UeXfNsy.exe
  C:\Windows\System\UeXfNsy.exe
  2⤵
  PID:8272
- C:\Windows\System\jSeBVkf.exe
  C:\Windows\System\jSeBVkf.exe
  2⤵
  PID:8288
- C:\Windows\System\CiLrfVY.exe
  C:\Windows\System\CiLrfVY.exe
  2⤵
  PID:8304
- C:\Windows\System\fHZDoTO.exe
  C:\Windows\System\fHZDoTO.exe
  2⤵
  PID:8320
- C:\Windows\System\nlRyCBy.exe
  C:\Windows\System\nlRyCBy.exe
  2⤵
  PID:8336
- C:\Windows\System\AazSLon.exe
  C:\Windows\System\AazSLon.exe
  2⤵
  PID:8352
- C:\Windows\System\YlPdzxm.exe
  C:\Windows\System\YlPdzxm.exe
  2⤵
  PID:8368
- C:\Windows\System\KPIKiiE.exe
  C:\Windows\System\KPIKiiE.exe
  2⤵
  PID:8384
- C:\Windows\System\ZvTFwqO.exe
  C:\Windows\System\ZvTFwqO.exe
  2⤵
  PID:8400
- C:\Windows\System\LRleMvq.exe
  C:\Windows\System\LRleMvq.exe
  2⤵
  PID:8416
- C:\Windows\System\lXtmTTo.exe
  C:\Windows\System\lXtmTTo.exe
  2⤵
  PID:8432
- C:\Windows\System\iUQhUeC.exe
  C:\Windows\System\iUQhUeC.exe
  2⤵
  PID:8448
- C:\Windows\System\JemJgzV.exe
  C:\Windows\System\JemJgzV.exe
  2⤵
  PID:8464
- C:\Windows\System\FKuzKvt.exe
  C:\Windows\System\FKuzKvt.exe
  2⤵
  PID:8480
- C:\Windows\System\TCbPOGH.exe
  C:\Windows\System\TCbPOGH.exe
  2⤵
  PID:8496
- C:\Windows\System\wmtgoJN.exe
  C:\Windows\System\wmtgoJN.exe
  2⤵
  PID:8512
- C:\Windows\System\FFDwcQd.exe
  C:\Windows\System\FFDwcQd.exe
  2⤵
  PID:8528
- C:\Windows\System\rNNcYtb.exe
  C:\Windows\System\rNNcYtb.exe
  2⤵
  PID:8544
- C:\Windows\System\NrmbDhn.exe
  C:\Windows\System\NrmbDhn.exe
  2⤵
  PID:8560
- C:\Windows\System\qIWIhzw.exe
  C:\Windows\System\qIWIhzw.exe
  2⤵
  PID:8576
- C:\Windows\System\kxCknUa.exe
  C:\Windows\System\kxCknUa.exe
  2⤵
  PID:8632
- C:\Windows\System\fGjdxgk.exe
  C:\Windows\System\fGjdxgk.exe
  2⤵
  PID:8648
- C:\Windows\System\tUsiVpD.exe
  C:\Windows\System\tUsiVpD.exe
  2⤵
  PID:8668
- C:\Windows\System\RJBfceh.exe
  C:\Windows\System\RJBfceh.exe
  2⤵
  PID:8684
- C:\Windows\System\lzXVrAe.exe
  C:\Windows\System\lzXVrAe.exe
  2⤵
  PID:8700
- C:\Windows\System\pZlVOZL.exe
  C:\Windows\System\pZlVOZL.exe
  2⤵
  PID:8716
- C:\Windows\System\rdWawHd.exe
  C:\Windows\System\rdWawHd.exe
  2⤵
  PID:8732
- C:\Windows\System\nsQgjct.exe
  C:\Windows\System\nsQgjct.exe
  2⤵
  PID:8748
- C:\Windows\System\fioqAxf.exe
  C:\Windows\System\fioqAxf.exe
  2⤵
  PID:8764
- C:\Windows\System\OZZMfce.exe
  C:\Windows\System\OZZMfce.exe
  2⤵
  PID:8780
- C:\Windows\System\URTXdvD.exe
  C:\Windows\System\URTXdvD.exe
  2⤵
  PID:8796
- C:\Windows\System\AFZpNZc.exe
  C:\Windows\System\AFZpNZc.exe
  2⤵
  PID:8812
- C:\Windows\System\lyoHmLu.exe
  C:\Windows\System\lyoHmLu.exe
  2⤵
  PID:8828
- C:\Windows\System\obgpNcA.exe
  C:\Windows\System\obgpNcA.exe
  2⤵
  PID:8844
- C:\Windows\System\ZZYmNCv.exe
  C:\Windows\System\ZZYmNCv.exe
  2⤵
  PID:8860
- C:\Windows\System\oiVRxxY.exe
  C:\Windows\System\oiVRxxY.exe
  2⤵
  PID:8876
- C:\Windows\System\DRsmEHj.exe
  C:\Windows\System\DRsmEHj.exe
  2⤵
  PID:8892
- C:\Windows\System\hOzgXWA.exe
  C:\Windows\System\hOzgXWA.exe
  2⤵
  PID:8908
- C:\Windows\System\RlODljL.exe
  C:\Windows\System\RlODljL.exe
  2⤵
  PID:8924
- C:\Windows\System\iZBaBti.exe
  C:\Windows\System\iZBaBti.exe
  2⤵
  PID:8940
- C:\Windows\System\rbBUNtF.exe
  C:\Windows\System\rbBUNtF.exe
  2⤵
  PID:8956
- C:\Windows\System\XKCFtXt.exe
  C:\Windows\System\XKCFtXt.exe
  2⤵
  PID:8972
- C:\Windows\System\vfDeAms.exe
  C:\Windows\System\vfDeAms.exe
  2⤵
  PID:8988
- C:\Windows\System\NcFgKkg.exe
  C:\Windows\System\NcFgKkg.exe
  2⤵
  PID:9004
- C:\Windows\System\ufpjeuF.exe
  C:\Windows\System\ufpjeuF.exe
  2⤵
  PID:9024
- C:\Windows\System\uxnrpoX.exe
  C:\Windows\System\uxnrpoX.exe
  2⤵
  PID:9048
- C:\Windows\System\dqwUPvw.exe
  C:\Windows\System\dqwUPvw.exe
  2⤵
  PID:9064
- C:\Windows\System\uQbbVIf.exe
  C:\Windows\System\uQbbVIf.exe
  2⤵
  PID:9080
- C:\Windows\System\zVmpEQv.exe
  C:\Windows\System\zVmpEQv.exe
  2⤵
  PID:9096
- C:\Windows\System\dzPjwJy.exe
  C:\Windows\System\dzPjwJy.exe
  2⤵
  PID:9112
- C:\Windows\System\wJBtdTN.exe
  C:\Windows\System\wJBtdTN.exe
  2⤵
  PID:9128
- C:\Windows\System\NFrSgdR.exe
  C:\Windows\System\NFrSgdR.exe
  2⤵
  PID:9144
- C:\Windows\System\IbYNtuT.exe
  C:\Windows\System\IbYNtuT.exe
  2⤵
  PID:9164
- C:\Windows\System\UlDHziC.exe
  C:\Windows\System\UlDHziC.exe
  2⤵
  PID:9180
- C:\Windows\System\PuLeHPp.exe
  C:\Windows\System\PuLeHPp.exe
  2⤵
  PID:8344
- C:\Windows\System\hkowlMU.exe
  C:\Windows\System\hkowlMU.exe
  2⤵
  PID:8376
- C:\Windows\System\dxVjBwc.exe
  C:\Windows\System\dxVjBwc.exe
  2⤵
  PID:8472
- C:\Windows\System\fUIDwrx.exe
  C:\Windows\System\fUIDwrx.exe
  2⤵
  PID:5508
- C:\Windows\System\rKSnqtc.exe
  C:\Windows\System\rKSnqtc.exe
  2⤵
  PID:8612
- C:\Windows\System\NRLqudG.exe
  C:\Windows\System\NRLqudG.exe
  2⤵
  PID:8628
- C:\Windows\System\cUecWfr.exe
  C:\Windows\System\cUecWfr.exe
  2⤵
  PID:8660
- C:\Windows\System\ZAxxYLx.exe
  C:\Windows\System\ZAxxYLx.exe
  2⤵
  PID:8808
- C:\Windows\System\torycuM.exe
  C:\Windows\System\torycuM.exe
  2⤵
  PID:8788
- C:\Windows\System\BtWWrwS.exe
  C:\Windows\System\BtWWrwS.exe
  2⤵
  PID:8852
- C:\Windows\System\TcHTxUf.exe
  C:\Windows\System\TcHTxUf.exe
  2⤵
  PID:8916
- C:\Windows\System\mSSccmH.exe
  C:\Windows\System\mSSccmH.exe
  2⤵
  PID:8900
- C:\Windows\System\CytIEFo.exe
  C:\Windows\System\CytIEFo.exe
  2⤵
  PID:8984
- C:\Windows\System\qSnZONY.exe
  C:\Windows\System\qSnZONY.exe
  2⤵
  PID:9016
- C:\Windows\System\eBkgFtE.exe
  C:\Windows\System\eBkgFtE.exe
  2⤵
  PID:9040
- C:\Windows\System\MnHEfoL.exe
  C:\Windows\System\MnHEfoL.exe
  2⤵
  PID:9092
- C:\Windows\System\cLGpncP.exe
  C:\Windows\System\cLGpncP.exe
  2⤵
  PID:9160
- C:\Windows\System\fjyaefE.exe
  C:\Windows\System\fjyaefE.exe
  2⤵
  PID:9072
- C:\Windows\System\rDZViKD.exe
  C:\Windows\System\rDZViKD.exe
  2⤵
  PID:7856
- C:\Windows\System\LEuBnTZ.exe
  C:\Windows\System\LEuBnTZ.exe
  2⤵
  PID:9212
- C:\Windows\System\xFTVrQU.exe
  C:\Windows\System\xFTVrQU.exe
  2⤵
  PID:8124
- C:\Windows\System\XSRTUFd.exe
  C:\Windows\System\XSRTUFd.exe
  2⤵
  PID:8248
- C:\Windows\System\OJJjphI.exe
  C:\Windows\System\OJJjphI.exe
  2⤵
  PID:9032
- C:\Windows\System\fjSEOBL.exe
  C:\Windows\System\fjSEOBL.exe
  2⤵
  PID:8232
- C:\Windows\System\WaXGJlK.exe
  C:\Windows\System\WaXGJlK.exe
  2⤵
  PID:8300
- C:\Windows\System\zOwziMP.exe
  C:\Windows\System\zOwziMP.exe
  2⤵
  PID:8284
- C:\Windows\System\DUXvMFc.exe
  C:\Windows\System\DUXvMFc.exe
  2⤵
  PID:8428
- C:\Windows\System\hZHQaJk.exe
  C:\Windows\System\hZHQaJk.exe
  2⤵
  PID:8552
- C:\Windows\System\EdyIGMn.exe
  C:\Windows\System\EdyIGMn.exe
  2⤵
  PID:8604
- C:\Windows\System\PhpuUQx.exe
  C:\Windows\System\PhpuUQx.exe
  2⤵
  PID:8492
- C:\Windows\System\VoGerLL.exe
  C:\Windows\System\VoGerLL.exe
  2⤵
  PID:8620
- C:\Windows\System\YaFgbfo.exe
  C:\Windows\System\YaFgbfo.exe
  2⤵
  PID:8776
- C:\Windows\System\YJofzzE.exe
  C:\Windows\System\YJofzzE.exe
  2⤵
  PID:8724
- C:\Windows\System\nIHkYDi.exe
  C:\Windows\System\nIHkYDi.exe
  2⤵
  PID:8760
- C:\Windows\System\lCZDZkI.exe
  C:\Windows\System\lCZDZkI.exe
  2⤵
  PID:8932
- C:\Windows\System\zlvROJl.exe
  C:\Windows\System\zlvROJl.exe
  2⤵
  PID:8836
- C:\Windows\System\zuatfcO.exe
  C:\Windows\System\zuatfcO.exe
  2⤵
  PID:9140
- C:\Windows\System\fuPKwQv.exe
  C:\Windows\System\fuPKwQv.exe
  2⤵
  PID:8588
- C:\Windows\System\CQHMOmo.exe
  C:\Windows\System\CQHMOmo.exe
  2⤵
  PID:9192
- C:\Windows\System\jQfpJZj.exe
  C:\Windows\System\jQfpJZj.exe
  2⤵
  PID:9036
- C:\Windows\System\TdpkqjG.exe
  C:\Windows\System\TdpkqjG.exe
  2⤵
  PID:8640
- C:\Windows\System\tCRffek.exe
  C:\Windows\System\tCRffek.exe
  2⤵
  PID:8220
- C:\Windows\System\jQDaRcz.exe
  C:\Windows\System\jQDaRcz.exe
  2⤵
  PID:8204
- C:\Windows\System\tCOiLvU.exe
  C:\Windows\System\tCOiLvU.exe
  2⤵
  PID:7244
- C:\Windows\System\JrmEsht.exe
  C:\Windows\System\JrmEsht.exe
  2⤵
  PID:8572
- C:\Windows\System\BclUqjh.exe
  C:\Windows\System\BclUqjh.exe
  2⤵
  PID:8280
- C:\Windows\System\dhjftxO.exe
  C:\Windows\System\dhjftxO.exe
  2⤵
  PID:8964
- C:\Windows\System\wYaeODM.exe
  C:\Windows\System\wYaeODM.exe
  2⤵
  PID:7844
- C:\Windows\System\VYiraQR.exe
  C:\Windows\System\VYiraQR.exe
  2⤵
  PID:8644
- C:\Windows\System\UPAGzID.exe
  C:\Windows\System\UPAGzID.exe
  2⤵
  PID:8948
- C:\Windows\System\OUgFAhD.exe
  C:\Windows\System\OUgFAhD.exe
  2⤵
  PID:8268
- C:\Windows\System\mXzLAtB.exe
  C:\Windows\System\mXzLAtB.exe
  2⤵
  PID:8200
- C:\Windows\System\eisXEJF.exe
  C:\Windows\System\eisXEJF.exe
  2⤵
  PID:8600
- C:\Windows\System\evixuVD.exe
  C:\Windows\System\evixuVD.exe
  2⤵
  PID:9172
- C:\Windows\System\NeKHSQu.exe
  C:\Windows\System\NeKHSQu.exe
  2⤵
  PID:8508
- C:\Windows\System\UUwhumP.exe
  C:\Windows\System\UUwhumP.exe
  2⤵
  PID:8456
- C:\Windows\System\edCRwfe.exe
  C:\Windows\System\edCRwfe.exe
  2⤵
  PID:8488
- C:\Windows\System\gAZUvJc.exe
  C:\Windows\System\gAZUvJc.exe
  2⤵
  PID:8364
- C:\Windows\System\zEluEbP.exe
  C:\Windows\System\zEluEbP.exe
  2⤵
  PID:8216
- C:\Windows\System\NHnyodi.exe
  C:\Windows\System\NHnyodi.exe
  2⤵
  PID:8696
- C:\Windows\System\ghFLVxf.exe
  C:\Windows\System\ghFLVxf.exe
  2⤵
  PID:8772
- C:\Windows\System\cyMmxSM.exe
  C:\Windows\System\cyMmxSM.exe
  2⤵
  PID:8708
- C:\Windows\System\JzMLSwy.exe
  C:\Windows\System\JzMLSwy.exe
  2⤵
  PID:8584
- C:\Windows\System\TqwJxrb.exe
  C:\Windows\System\TqwJxrb.exe
  2⤵
  PID:8740
- C:\Windows\System\yxEKpob.exe
  C:\Windows\System\yxEKpob.exe
  2⤵
  PID:8524
- C:\Windows\System\saXKjUP.exe
  C:\Windows\System\saXKjUP.exe
  2⤵
  PID:8888
- C:\Windows\System\JnDnsgV.exe
  C:\Windows\System\JnDnsgV.exe
  2⤵
  PID:8728
- C:\Windows\System\EwuehSU.exe
  C:\Windows\System\EwuehSU.exe
  2⤵
  PID:9056
- C:\Windows\System\pfFkVze.exe
  C:\Windows\System\pfFkVze.exe
  2⤵
  PID:9204
- C:\Windows\System\BgVYEDE.exe
  C:\Windows\System\BgVYEDE.exe
  2⤵
  PID:9232
- C:\Windows\System\BOvUGcz.exe
  C:\Windows\System\BOvUGcz.exe
  2⤵
  PID:9252
- C:\Windows\System\nOQuzTg.exe
  C:\Windows\System\nOQuzTg.exe
  2⤵
  PID:9272
- C:\Windows\System\KwmZHvi.exe
  C:\Windows\System\KwmZHvi.exe
  2⤵
  PID:9288
- C:\Windows\System\xOlDCKP.exe
  C:\Windows\System\xOlDCKP.exe
  2⤵
  PID:9312
- C:\Windows\System\LyEtjzr.exe
  C:\Windows\System\LyEtjzr.exe
  2⤵
  PID:9328
- C:\Windows\System\VcZSxBV.exe
  C:\Windows\System\VcZSxBV.exe
  2⤵
  PID:9348
- C:\Windows\System\rChXUYk.exe
  C:\Windows\System\rChXUYk.exe
  2⤵
  PID:9368
- C:\Windows\System\xoymGrA.exe
  C:\Windows\System\xoymGrA.exe
  2⤵
  PID:9384
- C:\Windows\System\XSPxKVY.exe
  C:\Windows\System\XSPxKVY.exe
  2⤵
  PID:9400
- C:\Windows\System\lBpVpDb.exe
  C:\Windows\System\lBpVpDb.exe
  2⤵
  PID:9424
- C:\Windows\System\nvCBkPm.exe
  C:\Windows\System\nvCBkPm.exe
  2⤵
  PID:9456
- C:\Windows\System\NGyzuNH.exe
  C:\Windows\System\NGyzuNH.exe
  2⤵
  PID:9472
- C:\Windows\System\LHZYrZT.exe
  C:\Windows\System\LHZYrZT.exe
  2⤵
  PID:9492
- C:\Windows\System\xyffrAm.exe
  C:\Windows\System\xyffrAm.exe
  2⤵
  PID:9512
- C:\Windows\System\SgWlvcR.exe
  C:\Windows\System\SgWlvcR.exe
  2⤵
  PID:9532
- C:\Windows\System\nPjcQxV.exe
  C:\Windows\System\nPjcQxV.exe
  2⤵
  PID:9552
- C:\Windows\System\bzMFgjN.exe
  C:\Windows\System\bzMFgjN.exe
  2⤵
  PID:9568
- C:\Windows\System\ZVMDFCI.exe
  C:\Windows\System\ZVMDFCI.exe
  2⤵
  PID:9584
- C:\Windows\System\UpvVMFy.exe
  C:\Windows\System\UpvVMFy.exe
  2⤵
  PID:9604
- C:\Windows\System\fqOMwCI.exe
  C:\Windows\System\fqOMwCI.exe
  2⤵
  PID:9624
- C:\Windows\System\xkdznSI.exe
  C:\Windows\System\xkdznSI.exe
  2⤵
  PID:9640
- C:\Windows\System\sotwNJD.exe
  C:\Windows\System\sotwNJD.exe
  2⤵
  PID:9676
- C:\Windows\System\orTKXqP.exe
  C:\Windows\System\orTKXqP.exe
  2⤵
  PID:9696
- C:\Windows\System\nOnLAdg.exe
  C:\Windows\System\nOnLAdg.exe
  2⤵
  PID:9712
- C:\Windows\System\WWWAaMz.exe
  C:\Windows\System\WWWAaMz.exe
  2⤵
  PID:9728
- C:\Windows\System\NYBVQCt.exe
  C:\Windows\System\NYBVQCt.exe
  2⤵
  PID:9744
- C:\Windows\System\bZNEJiX.exe
  C:\Windows\System\bZNEJiX.exe
  2⤵
  PID:9760
- C:\Windows\System\rwXnHjP.exe
  C:\Windows\System\rwXnHjP.exe
  2⤵
  PID:9776
- C:\Windows\System\WzMbOkS.exe
  C:\Windows\System\WzMbOkS.exe
  2⤵
  PID:9792
- C:\Windows\System\UulgAut.exe
  C:\Windows\System\UulgAut.exe
  2⤵
  PID:9824
- C:\Windows\System\Jhomufo.exe
  C:\Windows\System\Jhomufo.exe
  2⤵
  PID:9840
- C:\Windows\System\CGRAmPf.exe
  C:\Windows\System\CGRAmPf.exe
  2⤵
  PID:9856
- C:\Windows\System\sNaeFcE.exe
  C:\Windows\System\sNaeFcE.exe
  2⤵
  PID:9880
- C:\Windows\System\FkiDmMM.exe
  C:\Windows\System\FkiDmMM.exe
  2⤵
  PID:9900
- C:\Windows\System\OxHFEgs.exe
  C:\Windows\System\OxHFEgs.exe
  2⤵
  PID:9916
- C:\Windows\System\QcPuRRB.exe
  C:\Windows\System\QcPuRRB.exe
  2⤵
  PID:9940
- C:\Windows\System\yyXrDIY.exe
  C:\Windows\System\yyXrDIY.exe
  2⤵
  PID:9964
- C:\Windows\System\lwgyamB.exe
  C:\Windows\System\lwgyamB.exe
  2⤵
  PID:9992
- C:\Windows\System\CarwtYT.exe
  C:\Windows\System\CarwtYT.exe
  2⤵
  PID:10016
- C:\Windows\System\RdOjxxF.exe
  C:\Windows\System\RdOjxxF.exe
  2⤵
  PID:10032
- C:\Windows\System\WwmYybH.exe
  C:\Windows\System\WwmYybH.exe
  2⤵
  PID:10060
- C:\Windows\System\oyzpEPY.exe
  C:\Windows\System\oyzpEPY.exe
  2⤵
  PID:10084
- C:\Windows\System\QxFCbxi.exe
  C:\Windows\System\QxFCbxi.exe
  2⤵
  PID:10104
- C:\Windows\System\mhGYoOw.exe
  C:\Windows\System\mhGYoOw.exe
  2⤵
  PID:10120
- C:\Windows\System\yjJNTDa.exe
  C:\Windows\System\yjJNTDa.exe
  2⤵
  PID:10144
- C:\Windows\System\kmopdNb.exe
  C:\Windows\System\kmopdNb.exe
  2⤵
  PID:10160
- C:\Windows\System\FtSGLCC.exe
  C:\Windows\System\FtSGLCC.exe
  2⤵
  PID:10176
- C:\Windows\System\KpIarXR.exe
  C:\Windows\System\KpIarXR.exe
  2⤵
  PID:10192
- C:\Windows\System\HPPLDvi.exe
  C:\Windows\System\HPPLDvi.exe
  2⤵
  PID:10208
- C:\Windows\System\HAbFzan.exe
  C:\Windows\System\HAbFzan.exe
  2⤵
  PID:8412
- C:\Windows\System\WQgSSrW.exe
  C:\Windows\System\WQgSSrW.exe
  2⤵
  PID:9248
- C:\Windows\System\XdWQksy.exe
  C:\Windows\System\XdWQksy.exe
  2⤵
  PID:9260
- C:\Windows\System\oQuCTJb.exe
  C:\Windows\System\oQuCTJb.exe
  2⤵
  PID:9268
- C:\Windows\System\xWrkqKX.exe
  C:\Windows\System\xWrkqKX.exe
  2⤵
  PID:9432
- C:\Windows\System\YRcmAmt.exe
  C:\Windows\System\YRcmAmt.exe
  2⤵
  PID:9380
- C:\Windows\System\axcNIEW.exe
  C:\Windows\System\axcNIEW.exe
  2⤵
  PID:9344
- C:\Windows\System\hqkdxnG.exe
  C:\Windows\System\hqkdxnG.exe
  2⤵
  PID:9464
- C:\Windows\System\jbvpFLo.exe
  C:\Windows\System\jbvpFLo.exe
  2⤵
  PID:9504
- C:\Windows\System\TCUHsyX.exe
  C:\Windows\System\TCUHsyX.exe
  2⤵
  PID:9524
- C:\Windows\System\IAHWoPK.exe
  C:\Windows\System\IAHWoPK.exe
  2⤵
  PID:9596
- C:\Windows\System\SOUbzTB.exe
  C:\Windows\System\SOUbzTB.exe
  2⤵
  PID:9544
- C:\Windows\System\xPEBbNt.exe
  C:\Windows\System\xPEBbNt.exe
  2⤵
  PID:9548
- C:\Windows\System\heOUrAY.exe
  C:\Windows\System\heOUrAY.exe
  2⤵
  PID:9664
- C:\Windows\System\oBkeCFV.exe
  C:\Windows\System\oBkeCFV.exe
  2⤵
  PID:9684
- C:\Windows\System\kNEEcai.exe
  C:\Windows\System\kNEEcai.exe
  2⤵
  PID:9720
- C:\Windows\System\REBKpCo.exe
  C:\Windows\System\REBKpCo.exe
  2⤵
  PID:9736
- C:\Windows\System\mnewsUT.exe
  C:\Windows\System\mnewsUT.exe
  2⤵
  PID:9800
- C:\Windows\System\mcapjfU.exe
  C:\Windows\System\mcapjfU.exe
  2⤵
  PID:9816
- C:\Windows\System\AhEhpks.exe
  C:\Windows\System\AhEhpks.exe
  2⤵
  PID:9864
- C:\Windows\System\SqBojxq.exe
  C:\Windows\System\SqBojxq.exe
  2⤵
  PID:9908
- C:\Windows\System\AbTvPJI.exe
  C:\Windows\System\AbTvPJI.exe
  2⤵
  PID:9888
- C:\Windows\System\zYZjDmX.exe
  C:\Windows\System\zYZjDmX.exe
  2⤵
  PID:9928
- C:\Windows\System\oLHKMGK.exe
  C:\Windows\System\oLHKMGK.exe
  2⤵
  PID:10008
- C:\Windows\System\jXYrWoz.exe
  C:\Windows\System\jXYrWoz.exe
  2⤵
  PID:8744
- C:\Windows\System\WGFQnKI.exe
  C:\Windows\System\WGFQnKI.exe
  2⤵
  PID:10072
- C:\Windows\System\AHkGFLy.exe
  C:\Windows\System\AHkGFLy.exe
  2⤵
  PID:10132
- C:\Windows\System\TkPwIKU.exe
  C:\Windows\System\TkPwIKU.exe
  2⤵
  PID:10136
- C:\Windows\System\zrIlBuY.exe
  C:\Windows\System\zrIlBuY.exe
  2⤵
  PID:9228
- C:\Windows\System\kUErWSW.exe
  C:\Windows\System\kUErWSW.exe
  2⤵
  PID:9440
- C:\Windows\System\GqgUSZP.exe
  C:\Windows\System\GqgUSZP.exe
  2⤵
  PID:9448
- C:\Windows\System\GDHqUSs.exe
  C:\Windows\System\GDHqUSs.exe
  2⤵
  PID:10184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUsTFQm.exe

Filesize
6.0MB

MD5
6c051344fb2b147e327bafb49bcee3f2

SHA1
694f48568f0624163ac9d9df1bca4fe1fe38f1de

SHA256
08260f953342f85ee71f3a0d3078e9e046c12f13e661417f18545f6e0ae0c3ec

SHA512
8601cae9223ab44eb72e69af4a0d529d59c3dc5c7b5e10274589a5090f3d780aaed4868831255f08dee7fa448d33e92e940fa03ff607d2efee6de2f0a5dec74e

Download Submit
C:\Windows\system\AdKkEhG.exe

Filesize
6.0MB

MD5
e5d788c335f5bcab02679ad3b1721291

SHA1
c3eba7f63ce400b8fb074dcf1206f69bdabf6f17

SHA256
5ccaea4fb8c1a3c101eeba0e249391fe0c2064b4cb195f5a407c3b877b6acb4e

SHA512
9e9403e00ff6cd1ca76f16858c846a90e5cb639df650c98a4650305506ae1b9bbbef80e48cc6ad3bf26aba05c7e54ec2fd3eeeb4df58550bd994c7c3180ea401

Download Submit
C:\Windows\system\BhIFgyV.exe

Filesize
6.0MB

MD5
c8b81b3a9a2786f5c96d3573402b8302

SHA1
c484ba604295dc32f1c717cbdc7cc545ac4f5dd2

SHA256
69dd68243a173803a332d3e52254b94f86d229b3e62aeb7367e41e1b85df0724

SHA512
3bd019ca39f0d9b0867aaa490aa69dd93ee53f5c404d81b2488ccd2eee8cee93193e739ff31136ee1fae9e2357ea5998a7cee24d0be1c1c7dd8d41afb14fb36b

Download Submit
C:\Windows\system\DLSaOAB.exe

Filesize
6.0MB

MD5
ad2bf43523dc4791d60cbc241847ca9d

SHA1
74484500b1d238934529add9e2b0f89b71fdeb6d

SHA256
6f23fa73b182e566ff84d009e56225fba7131b0cca44e7494c02bfd34c08de4b

SHA512
a1e1cf0a4ff8781b6241e0dc4587dfbc77e885334d38faece4688d6e4f2ffd0334676c882f7f137484138842085678b709006c1c09e16eaada0e83b032820f66

Download Submit
C:\Windows\system\FjillUL.exe

Filesize
6.0MB

MD5
ca95aaca7477cffc09be586f392df4c7

SHA1
a97b9e6ca83fc6314f5d7d705481fca529835a85

SHA256
8115def1f55d6e3cd67e5085a924171bbd28c593f53234ed1a9e985e4499cb5b

SHA512
c5edcd592f81c41528cc23b041429839bb8e58321c96c79c8c719065956e3ff675cf20a66e75dc872b860a6d6fd27b36a9ecbfa1b31011fa3c07c15d97aff6ca

Download Submit
C:\Windows\system\GFdZvey.exe

Filesize
6.0MB

MD5
7091c630d0326db5780e9a377d6fcac0

SHA1
824ec4fba251ae8f44f81ed83c04635b85e75f15

SHA256
2214178012d3c567e62cf3a6a05a50001f13e00a6a8927751d50e7b482e0272e

SHA512
104c6a3f1d1a2c907ace32adc5466db4c72a6dc801d4e9900103972eef0f116e959818d5c5509386d9b77f8d9953b71f4a04a85067eee4b22ec1053c0e7f2dc7

Download Submit
C:\Windows\system\LNkhACS.exe

Filesize
6.0MB

MD5
0d418c033d7587afa9b9c80cb00d16fc

SHA1
11fc312d1a89d3230c6f8d3377c3127f7e27cd2f

SHA256
ce924e98e149305770d8c5d8d59a7b6719762018664965367c021f11e87d907e

SHA512
3003a88331d1fbd4446358a619eee1a4840e9c6ee5bd4edc1958827178486194de734b62a5dd7ae0e0b54640da85bb1e2b3a01e68a72d7800cd9b6f8c0e4b52b

Download Submit
C:\Windows\system\OyJgYCL.exe

Filesize
6.0MB

MD5
62807e639410b8b1b75bbeec1734c991

SHA1
76a37d198026c83501a12076d449116ec1482f7e

SHA256
6b3d64d57eddc3a31b4e92d4e0456a7b220340725984b4216a333fb0e926bc94

SHA512
e48215cd95cc20e1f436bddb0271bbc981c7de93d2a3b9b5063a2ec27bfbd9c0a013ee074f759ad85c56f90a896b5bd6af2515cb588e013882b079c164b6fed7

Download Submit
C:\Windows\system\RuczjLw.exe

Filesize
6.0MB

MD5
eb6975ca768520104f8cace25c67fd28

SHA1
6692d8e4d5d2505232d52d6809e66282639a59a4

SHA256
5b34fae89c61ed15f0679b165976d6c5aae4a37b1e62a4f09c49274a9cde2235

SHA512
e1dd8e2745e81db6935b86ede0df7ee108f8f44496d74ca361840624a98313607c206a193bfaefddc1bc60ecfe4f3b42cbd87925e6fd5ecc03685f23999ad3a1

Download Submit
C:\Windows\system\UYgyNbV.exe

Filesize
6.0MB

MD5
655bdf88bc0887c8dbd770fc24c94dea

SHA1
f70760d2f000d2379c7a8a44cae40dd6480d0d9b

SHA256
0def2a1064d17803871d0bfc9395aa910da33362d730d97baf8cc834d62d1aa0

SHA512
06c731fabad692ad25b256432eb6c08221353c5da86f27cc8cd4eff30416e1cfe0deb5921f7ba6dc0bdfac32ae71241f6aab331d42d9743339c1f1aef1b78bdf

Download Submit
C:\Windows\system\UnFDguw.exe

Filesize
6.0MB

MD5
005b52b8b14bdb81143cd6cd2e7dc29f

SHA1
3f7982f01240fa2f725da611c2cb3eb33be69ca8

SHA256
fe971f5a9288857dd377bdd2d11eabb8b20b45ed5fd07f0165e0c696056afaf8

SHA512
8e3d8063080e6a222a3d5a21a1185c53fed6bb60990be4e2b252072599abc87476537f04f6f67f96d1aa51d87e3f2050964fcb6b8aa2267856fd0a4648876176

Download Submit
C:\Windows\system\VByPTFD.exe

Filesize
6.0MB

MD5
160a98bc3410c8e6337ddeffa9008f65

SHA1
784bbeada3c216889ba026c49e634cc15065a25f

SHA256
7ac25987e41b67c6587a26eb0e35dbfc046dd993abccdd1a8152ff75831a50c6

SHA512
a70a51e0d3a15d9677c95625362e79f4b75523ec6fcd98bc929a5a4040144d2b78609b4fedfe387d94a2acd21e51a15834fc7789914534cdbad088076fee5626

Download Submit
C:\Windows\system\ZGSksMX.exe

Filesize
6.0MB

MD5
bb51e36375ce6da4a4ab7e3fdf3bd16a

SHA1
38c3f0db678b9dd539ed3cc79391cae89af5b200

SHA256
92a7a6ad19fa9cce846cdbaa8165db5c649fb17e6c32ec6cf09865737bdecee7

SHA512
24de1dcea83b66f76e46cca42f051ad22e254481839542729f7dc3f528bd75afb181869b9ad8492b91bf6dae8865bea1a77b66ce747348eb9aa56164f02ed5f0

Download Submit
C:\Windows\system\bTNErCe.exe

Filesize
6.0MB

MD5
d39866754df8c2c42e92d862e81ccf4b

SHA1
bd3c75f3d6442f39322ccba7f25404430e029326

SHA256
7343f55ef79ebbc43260c58b24567113758acb2d82df875e01e75d665d5cc85d

SHA512
451d4f1814bf5e498aeb18a3385fbadcf41b29b6eaa1fb8accfaf9e9464d996cd4d9ebcffca6284918c35586bcc570dcc51ecdcb872c02f091f02b715adfc568

Download Submit
C:\Windows\system\dJqRXGp.exe

Filesize
6.0MB

MD5
5d2f4f06697ccbb1d7628b766edea1e4

SHA1
1ed2f4b4e3aed7408d6c03beffd813e6cd973d16

SHA256
6c339c2a2ea07fc7ead65d71f5851af5d09c7bf10d6ec693ee9b4accf378704a

SHA512
d42a7a959ae71fa2705acc4abd0e2401ba22fe7479a7a035bdffcf643f3f378a87215ade564dafd44ac9c32b415ad71591d8cb7f7ef327daf22ded15e9fe9eef

Download Submit
C:\Windows\system\hRNwokS.exe

Filesize
6.0MB

MD5
8f21dcfcc1ab06bca1ec8579a95efb8f

SHA1
8413c156c9a80e4000d8e3a5fab0f615ef292a4f

SHA256
04a3c71209a3963daf0e1e02935f000666edd991f7fdb5826432382ddc1de24e

SHA512
89945ca32e8e1798815c84dab8c531e5af2046739dd73dabe0f8e4d12c3bc6b7c755ee51ee59ad80ec86aa91b65e6a0835e2c7f6d884d4a078bb7011eecaf9e9

Download Submit
C:\Windows\system\lYGseZz.exe

Filesize
6.0MB

MD5
5e6bc2914829bd33da3185345d06ecc2

SHA1
f363dcc07aa176c5c8dd4070bfd0af459f1d6194

SHA256
b44dec467e1d09edff86e19e0ac144eabd5cf08c4d10bd15312bb11d2f264787

SHA512
e00ac32b29dd944db750c3f8b070ace2bd61d1669e0e5d32b7ecf7ba8bf4cb9d58301510e27a0b2e442f0442e40153966620e5dd9cea3e88886aa692530afc19

Download Submit
C:\Windows\system\pCZSavD.exe

Filesize
6.0MB

MD5
7416a66f2cb48d9918e919f098e4d654

SHA1
ec0505f1276986027d4f01a0f0fd5d95dfa2be3a

SHA256
a02d7e5d399ee63a71de1d2cc627592e655bc630bd562a23419e2cb26075e79f

SHA512
2e8be718c5d1de40f84d6d79f5efb8937ce8dbe62eac24ba487aa7dd1a124ab0ac3c0544daf92fb7a71771d87152d140097d65e4f2aacbc796da51280603fda6

Download Submit
C:\Windows\system\rjYDHHW.exe

Filesize
6.0MB

MD5
6ec02a522623bcec2b6a36d2b227f29d

SHA1
f8be7d6e99ef318665f63ee2e04433ffa72cc643

SHA256
3023c8a0c48ef1836d306ef98c2eaaf6aff95da479ec025ffcfbc7506198f250

SHA512
438bec466ce46b2fd72aa3fdb7b9470a3c4570b559b5d988dcb689279ee9cdf2ef8cbf2dbc4624280f0e0dde0733e873dfd244ef04649f58fca7fdf730281dfc

Download Submit
C:\Windows\system\tWchBPm.exe

Filesize
6.0MB

MD5
d6d3213c994777fdeb9da857de74475b

SHA1
a0642deb227d703f7fb87ba1e6025c4ec2c82744

SHA256
6a5f0245cc7c5b38955b1aac9ce283c3316fb439197b9130498964bd03fe8f80

SHA512
448dab764e7f9127d439270220476f22cbb944bcb65c744b1f31dab9c5570a70ee9c0dc58e00aacaae6bb6ea229375ac67446e7d0f3146355a6663d75d43c88f

Download Submit
C:\Windows\system\vTaNoAQ.exe

Filesize
6.0MB

MD5
677fcaeefebedcceec7fe20bac060d06

SHA1
2035c9003f1366d21fa6b29abd6cc8d57eb796c0

SHA256
5f40d284170e55fae4e7101d38e85ab75e0b9b83d3f5938aadd8a9d91f083a09

SHA512
ce9fb84cce136d08ebc062f5bfa2380bdb0303fd2f573ea0900d8387146c06553b1fee41ec590942a88930843c6ea7033ec084d4d56c6d24e8c7c59fa8226b43

Download Submit
C:\Windows\system\yVdmTwK.exe

Filesize
6.0MB

MD5
2b6db23ddbe9310e5cf8386164dc64cc

SHA1
14ea55f08338c11e06e2b64f3efe9040b0d1758c

SHA256
5657d27f11320ede37fa24ab4089731d292f8b74ce7f4ae363fb34c5e2501c1f

SHA512
f625af675264694c753a3563bd9cb79a956807a9f4aea5a11bad5200abda49bcfd4a089575e91ef56ba13e8e780cf95b0ea4819c07e3540c3ffbbe9f0369163d

Download Submit
C:\Windows\system\yfLqhiW.exe

Filesize
6.0MB

MD5
ea539387852ebf9347f4e8bc78e224d0

SHA1
abe794f3c960ec09ec3989347efe243067ace7e2

SHA256
6e26ae1d52083ab05f95f49a811e8b125353181e816ac75b50aad710a9b493cd

SHA512
f3832880f3525c565b7e856fab221e6fd6574851c714d891aa96b9413c00c30afdf00dbcc7e5dac2c45361c1383fc878a12c82f6d56f29f7c7a2ff048b87ee47

Download Submit
\Windows\system\FSjqaXF.exe

Filesize
6.0MB

MD5
f87319418dd63108b8b1d8a087ef7566

SHA1
c82626f35e982472c10600dca69b3f6acf3698f6

SHA256
e4fa3cb2e96be9c6c2eda10e0b01d63576fafdd102895c30960fd3790e062ea1

SHA512
3f89681f360da7a671d398295ce0356f707d5812a035639150642e3c5602b35a9e2ec7fe32f90dec002d8ecc29f96006c5661b75959bcede3ffdacf6818ab850

Download Submit
\Windows\system\LJyJpdU.exe

Filesize
6.0MB

MD5
3c1ee866dd9388bd68c086ca487f9f10

SHA1
eae2946994257c71a84e247e7cc7add73a0aef6b

SHA256
478b4f555f2a35fdf26b4fe081f74525fb602b4f5dd4a85a98cd28a63b239296

SHA512
eb53bded344969bb3756ee4424cb796343b6a480c4dd15d790d6dc5fd342c76d482da9878b7d9f5ccc9294a22977c2884ad6f40baa505c1d6d46269a23a107fb

Download Submit
\Windows\system\LnsAuPN.exe

Filesize
6.0MB

MD5
6cf53a2122ac6d7447510845bbd8d4df

SHA1
5262c7b3b76eda6abfad267736b35d0834de62b3

SHA256
861f66c01144f3f8cff0e6ac708bc3f02705ffb80d507e50b71aee7c1639d9bd

SHA512
4486da57f1d8d6834a3b38fb396e586278fa4fca75daea11cbe8a567517b4def87783a62ac1a6d7a469cd0b7a0bf0adc8ac4ae991d1ec522e8fdf96256764b31

Download Submit
\Windows\system\WowHPkU.exe

Filesize
6.0MB

MD5
82a1dae3035904a0da5c6d559488741a

SHA1
35b093b546d9bf31eb1188b27dc4d602ce0a37b2

SHA256
0886cdcf22150bddb85ec1bb4301981ea171a35cf78c78f5f2983f0eac5f5e79

SHA512
f2594192bfce6c80eaf391b088c95160d733500900ce1095ff9a4238c0a07337807d808f410d884d9f63f21fdabba69a21e83fbebb31a56bfd675014c2f3d809

Download Submit
\Windows\system\oDnnxHp.exe

Filesize
6.0MB

MD5
ae4187ebad23933db4476f153e36d6f5

SHA1
251597cf785a543a9d75c43ea37106a9292831d1

SHA256
41c28b103af8f22d29aa136ad1cf041731ba3d0f18bd7fa988872bde68dae6f2

SHA512
af95bbe40f3d41b278678c8610277c649adf408bfcf3f495237184b4ad17084ceb843130e87342b0a254da491d280a5c9db8fe14b1544f6c5c7d5951d3a6e268

Download Submit
\Windows\system\sIGijlm.exe

Filesize
6.0MB

MD5
60d9d03add6840f4afb32503d2cc77e5

SHA1
7ee8f7bd6b4659e9fb3b28d1593a9f49a68b130f

SHA256
5ccd53808b464297417e8b0f065607532abc91463061791c6d09cf70356b9bc7

SHA512
f5be72a74e93d093bf8c6055245697a9238134b0e0c7a3dc971660177da4caef36c7043d2e76b6cf514ab0b9d3377072978c5d2d3b15332e7e3bf4cd97a0e10e

Download Submit
\Windows\system\tdQhMjA.exe

Filesize
6.0MB

MD5
8fa15c8ceeebbc5bc21b9f4b49e0d939

SHA1
85f8f8d73ec3d48aaf4b97bcdcb26168ce154c34

SHA256
d57e84cc0df3a043c4e566073e9cd88608f1e08657e3c0c37f926abeba6365f2

SHA512
3109977a3cc5a917cb0c6fbec9399d36d536b7c34e58e075afab1dfb3d8e858bd43ef9ef1c2704d6ba56adeb60a61eca235713928733a30d544b1f609452804f

Download Submit
\Windows\system\uzfOkzh.exe

Filesize
6.0MB

MD5
778236b1dde0b5d4f532b5b242cbe967

SHA1
b4bb40ca2be634b440c538b82ca66b007653ef89

SHA256
b331b7c13fa520d6d3a2a5ba9a9561d8909084c3d17e4ebedba0dbd8f428b0ee

SHA512
7df978558c5e34ff823b1009f2b4e9690608086fba31999bbff82064a50492f887fdbcf22d8f08f9a374b94c858c6a5bf41bddec7c120b2cb1def0da38fde935

Download Submit
\Windows\system\xKFrBaY.exe

Filesize
6.0MB

MD5
e3fd08053617c0e65d3e3c5f7656e0ba

SHA1
542ae1e2183019ff85208beaefd395f1b0d70a33

SHA256
d4dfe09c56cfb22d7544543aa094bf39ef4997e3d431322a3409629f68a8167c

SHA512
3475f946d3ec5fac7903e5c869ac6d0ff8adec0d93bf5f8e8fc79ad91602f191a123d6e04ea2116946c22e785af016f39248ba7a0cece0252ac528613ff71a11

Download Submit
memory/1668-140-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1668-77-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1379-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/1668-15-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-36-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1668-61-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-139-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1668-43-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-707-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-26-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-918-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-917-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-32-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/1668-47-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2076-31-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-4012-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-12-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-57-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-4010-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-4015-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2252-34-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2252-335-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2356-65-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-4011-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-14-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-120-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4021-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2556-4023-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2556-132-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2604-107-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4020-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2620-114-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4022-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2712-661-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4016-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-51-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-141-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4019-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4014-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2812-442-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2812-41-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4017-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-136-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4018-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-101-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-4013-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-94-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-29-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download